Forum Discussion
CirrusF5 iRule Reverse Proxy, rewrite, redirect
Hello everyone,
We currently have a scenario where a URL is no longer available and needs to be (redirected). The starting point is when https://company.com/tool is accessed, it should (redirect) to https://x.x.x.x/tool. Unfortunately, the (redirected) website doesn't have an FQDN, so it needs to be (redirected) to the IP address. Of course, https://company.com/tool should remain in the browser. Is this possible? A reverse proxy approach? Could someone provide me an example iRule?
THX
6 Replies
- zamroni777
MVP
if the https target uses ip that means users will need to allow exception to the untrusted ssl certificate.
http redirect will also change url in browser address bar.i assume you already have https://company.com already served by f5 vserver.
so, create a new pool and add x.x.x.x:443 as pool member.
then create new Local traffic Policy to use that new pool for /tool then attach the new ltp to the vserver. 
eLeCtRoNMy which would be to do it in the reverse proxy way, but my question at the beginning was is it possible in general, because I did try a redirct but after the https://x.x.x.x/tool it is no host header present which I could change for the browser masking.
- Injeyan_Kostas
Nacreous
As said if you do a redirect the browser url will change
It is possible to keep the url sameif you reverse proxy the request as described in my first answerDid you tried it?
- eLeCtRoN
Hello,
how about the browser masking ? The other page is just accessible with https://IP-Address/toolno FQDN, no company.com host anymore, so in your case I should use a pool with a member inside which is the server that hosting the new page https://IP-Address/tool, How about certificate issues ? For me doesn't matter it is a redirect or not, I need a possible working solution, thats all ;), I search the best way to do that.
- Injeyan_Kostas
The issue comes when you say
Of course, https://company.com/tool should remain in the browser.
If you don't need this the a simple redirect is fine
when HTTP_REQUEST { switch [string tolower [HTTP::host]] { "company.com" { switch -glob [string tolower [HTTP::path]] { "/tool/*" { HTTP::redirect "https://x.x.x.x[HTTP::path]" } default {} } } default {} } }but with redirect of course the browser url will change and there will be a certificate warning due to ip used instead of a url with valid cert
If you reverse poxy the request there will be no cert issue as you will stil server company.com domain which I assume you have certificate for
- Injeyan_Kostas
Hello,
What you asking can be done but it's not a redirect.
You will just send the traffic to a different pool.
So you have to create a new pool and add as member the IP of the server
You can then create an irule like this
when HTTP_REQUEST { switch [string tolower [HTTP::host]] { "company.com" { switch -glob [string tolower [HTTP::path]] { "/tool/*" { pool new_pool } default {} } } default {} } }
