Forum Discussion
NimbostratusF5 redirect context path to APACHE Web Server.
Hi there,
I’m assisting one of my customer to integrate our software with F5.
I was told that currently, F5 is configured using the Context Path (/abc) which redirect to my application’s APACHE Web Server (abc.com.au). We are not getting much help from customer’s F5 team as was told too difficult to configure iRule in F5.
F5 is configured as below:
e.g. https://example.com.au/abc - > https://abc.com.au:443
My abc.com.au Application is installed and configured based on abc.com.au (APACHE and TOMCAT) host name.
So to login to my abc.com.au application end user uses https://example.com.au/abc/login (/login is my application’s context path)
Now, back end APACHE is configured as below which make a connection to TOMCAT:
ProxyPass /login balancer://abc.com.au_Cluster/login
ProxyPassReverse /login balancer://172.31.16.26_Cluster/login
<Proxy balancer://abc.com.au_Cluster>
BalancerMember http://abc.com.au:8080 route=eda9a7ffce499a0ce772f6bef06f84be_Server1
ProxySet scolonpathdelim=on stickysession=eda9a7ffce499a0ce772f6bef06f84be_Cluster
</Proxy>
Since in header original request (https://example.com.au/abc/login) is passed to my application’s Web APACHE server; my application does not like it since all configurations are based on abc.com.au.
So in F5 is there a way to Rewrite the Request header or any other options from https://example.com.au/abc/login to https://abc.com.au/login so my application “abc.com.au” only see Request is coming from https://abc.com.au but not from https://example.com.au and end users browser only see F5 URL (https://example.com.au).
We have achieved similar requirements in Ngnix using below rule somewhere else:
#If using https, use block below
server {
listen 443 ssl; # Proxy traffic
server_name example.com.au;
ssl on;
if ($is_denied){
return 404;
}
location / {
return 404;
}
location /abc/login {
proxy_pass https://abc.com.au/login/;
}
}
Thank you for your assistance.
JGCumulonimbus
I would fix it on Apache, with something like the following:
<VirtualHost *:80> ServerName example.com.au DocumentRoot "/xxx/xxx" ProxyPass /abc/login balancer://abc.com.au_Cluster/login ProxyPassReverse /abc/login balancer://172.31.16.26_Cluster/login <Proxy balancer://abc.com.au_Cluster> BalancerMember http://abc.com.au:8080 route=eda9a7ffce499a0ce772f6bef06f84be_Server1 ProxySet scolonpathdelim=on stickysession=eda9a7ffce499a0ce772f6bef06f84be_Cluster </Proxy> </VirtualHost>.
MayankThanks for your reply.
Actually, F5 redirects using context path /abc and Web server in internal zone (and doesn't have access to external DNS server) can not resolve to F5 example.com.
- JG
Not sure about your topology now. Where exactly should example.com be hosted?
- Mayank
example.com is a A Record of F5 VIP. Customer uses example,com for multiple applications and redirect specific application using the application specific context path in F5 -
e.g.
https://example.com/abc -> F5 redirect to abc application web server -> https://abc.com
https://example.com/xyz -> F5 redirect to xyz application web server -> https://xyz.com
To access specific application; users enter F5 VIP with Context Path i.e. https://example.com/<Application Context Path>
iaineNacreous
Hi
If I've read your post correctly, you want to change the HTTP Host header and also remove the leading /abc from the URI. If so, something like this would do it...
when HTTP_REQUEST { if {[HTTP::host] contains "example.com.au" } { if {[HTTP::uri] starts_with "/abc/" } { HTTP::uri [string range [HTTP::uri] 4 end] } HTTP::header replace Host "abc.com.au" } }In your Nginx snippet, you are also returning a 404 if you browse to root (/) - do you want to have this functionality as well?
- Mayank
Correct. So above rule would remove just "/abc" context path from URL but leave the application specific context path (/login)?
e.g. https://example.com.au/abc/login - > https://abc.com.au/login
Also, I don't want to return the default page if anyone browse to root (/).
Thank you.
- iaine
Yep, before the request is passed to the web server, the /abc get stripped off and the host header gets changed.
To send a 404 back to the client when browsing to /, the following will do it. You can pimp this up as much as you need to
when HTTP_REQUEST { if {[HTTP::uri] equals "/"} { HTTP::respond 404 content "<HTML><BODY>404 Page Not Found</BODY></HTML>" noserver return } if {[HTTP::host] contains "example.com.au" } { if {[HTTP::uri] starts_with "/abc/" } { HTTP::uri [string range [HTTP::uri] 4 end] } HTTP::header replace Host "abc.com.au" } } - Mayank
We tried the iRule in F5 which stripped off the /abc and rewrite the Header (from example.com.au to abc.com.au) but then end users browser redirect to https://abc.com.au instead https://example.com.au and due to mismatch of server name web server throws Internal Server error.
Thanks.
- iaine
So I'm guessing your application is using absolute paths when sending a redirect rather than relative paths? If so, you can either remedy this using the HTTP profile or in code. To add to the code that you've currently got, it would look something like this
when HTTP_REQUEST { if {[HTTP::uri] equals "/"} { HTTP::respond 404 content "<HTML><BODY>404 Page Not Found</BODY></HTML>" noserver return } if {[HTTP::host] contains "example.com.au" } { if {[HTTP::uri] starts_with "/abc/" } { HTTP::uri [string range [HTTP::uri] 4 end] } HTTP::header replace Host "abc.com.au" } } when HTTP_RESPONSE { if { [HTTP::is_redirect] }{ HTTP::header replace Location [string map {"abc.com.au" "example.com.au"} [HTTP::header Location]] } }There's good article here if you want to look at both options
- Mayank
its a mix...a great deal of pages use relative paths...but some apps have absolute paths - where-in paths are derived from Metadata and database.
- iaine
OK, so the above code is just doing a string match and replace on the redirects....were you able to try it?