Forum Discussion
Wasim_Hassan_13
Nimbostratus
NimbostratusHostname Modification in F5
Hi,
I have below mention requirement
users will have the link
http://testmail.abc.com
and it will redirect to
http://uatebsapp1.abc.com:8060
but i want to hide the actual server name from the users. like instead of showing that user is accessing the APP1 i want to modify the actual URL to something like
http://server1.abc.com:8060
Please let me know how can i do this.
17 Replies
nitass_89166Noctilucent
e.g.
config root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 46 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo ltm pool foo { members { 200.200.200.101:8060 { address 200.200.200.101 } } } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when HTTP_REQUEST { HTTP::header replace Host uatebsapp1.abc.com:8060 } } trace [root@ve11a:Active:In Sync] config ssldump -Aed -nni 0.0 port 80 or port 8060 New TCP connection 1: 172.28.24.1(48569) <-> 172.28.24.10(80) 1404396749.8259 (0.0017) C>S --------------------------------------------------------------- GET /something HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: testmail.abc.com --------------------------------------------------------------- New TCP connection 2: 200.200.200.14(48569) <-> 200.200.200.101(8060) 1404396750.0406 (0.2125) C>S --------------------------------------------------------------- GET /something HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: uatebsapp1.abc.com:8060 ---------------------------------------------------------------
Wasim_Hassan_13Hi, I have one iRule already mapped with VIP when HTTP_REQUEST { if { [HTTP::uri] equals "/" } { HTTP::redirect "http://ebsdmz.abc.com:8080/OA_HTML/AppsLogin" } } so user are getting in the URL below URL after redirection. http://uatebsapp1.abc.com:8060 Now You want to me add one more iRule as mentoin below like below when HTTP_REQUEST { HTTP::header replace Host uatebsapp1.abc.com:8060 But where it is mentioning that user will get the http://server1.abc.com:8060 Please correct me if i am wrong
- nitass
Employee
e.g.
config root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 46 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo ltm pool foo { members { 200.200.200.101:8060 { address 200.200.200.101 } } } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when HTTP_REQUEST { HTTP::header replace Host uatebsapp1.abc.com:8060 } } trace [root@ve11a:Active:In Sync] config ssldump -Aed -nni 0.0 port 80 or port 8060 New TCP connection 1: 172.28.24.1(48569) <-> 172.28.24.10(80) 1404396749.8259 (0.0017) C>S --------------------------------------------------------------- GET /something HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: testmail.abc.com --------------------------------------------------------------- New TCP connection 2: 200.200.200.14(48569) <-> 200.200.200.101(8060) 1404396750.0406 (0.2125) C>S --------------------------------------------------------------- GET /something HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: uatebsapp1.abc.com:8060 ---------------------------------------------------------------- Wasim_Hassan_13Hi, I have one iRule already mapped with VIP when HTTP_REQUEST { if { [HTTP::uri] equals "/" } { HTTP::redirect "http://ebsdmz.abc.com:8080/OA_HTML/AppsLogin" } } so user are getting in the URL below URL after redirection. http://uatebsapp1.abc.com:8060 Now You want to me add one more iRule as mentoin below like below when HTTP_REQUEST { HTTP::header replace Host uatebsapp1.abc.com:8060 But where it is mentioning that user will get the http://server1.abc.com:8060 Please correct me if i am wrong
- nitass
sorry i overlooked the http://server1.abc.com:8060 part.
in general, if you want to change url in browser, you have to use HTTP::redirect (or HTTP::respond). HTTP::redirect will send user response asking user to send request to a new url. if the new url is on different port (e.g. 8060), you need another virtual server listening on that port (to accept the new request).
when sending request to pool member, host header and uri can be changed using HTTP::header and HTTP::uri commands respectively.
hope this helps.
- Wasim_Hassan_13Hi, can you please give me the example of redirect. I have one rule already and I have created new VIP against port 8060. when HTTP_REQUEST { if { [HTTP::uri] equals "/" } { HTTP::redirect "http://ebsdmz.abc.com:8060/OA_HTML/AppsLogin" } } ltm virtual VS_TEST { destination 192.168.206.24:8060 ip-protocol tcp mask 255.255.255.255 partition PRPRDWEBDMZ persist { PRDWEB_STICKY { default yes } } pool TEST_POOL profiles { /Common/tcp { } PRE-PROD-WEB-DMZ-Profile { } } source 0.0.0.0/0 source-address-translation { type automap } vs-index 140 ltm virtual VS_DMZEBS { destination 192.168.206.23:any ip-protocol tcp mask 255.255.255.255 partition PRPRDWEBDMZ persist { PRDWEB_STICKY { default yes } } pool PL_DMZEBS profiles { /Common/tcp { } PRE-PROD-WEB-DMZ-Profile { } } rules { UAT_DMZEBS } source 0.0.0.0/0 source-address-translation { type automap } translate-port disabled vlans { PRE-PROD-WEB-DMZ } vlans-enabled vs-index 119 Please let me know what will be irule.
- nitass_89166
sorry i overlooked the http://server1.abc.com:8060 part.
in general, if you want to change url in browser, you have to use HTTP::redirect (or HTTP::respond). HTTP::redirect will send user response asking user to send request to a new url. if the new url is on different port (e.g. 8060), you need another virtual server listening on that port (to accept the new request).
when sending request to pool member, host header and uri can be changed using HTTP::header and HTTP::uri commands respectively.
hope this helps.
- Wasim_Hassan_13Hi, can you please give me the example of redirect. I have one rule already and I have created new VIP against port 8060. when HTTP_REQUEST { if { [HTTP::uri] equals "/" } { HTTP::redirect "http://ebsdmz.abc.com:8060/OA_HTML/AppsLogin" } } ltm virtual VS_TEST { destination 192.168.206.24:8060 ip-protocol tcp mask 255.255.255.255 partition PRPRDWEBDMZ persist { PRDWEB_STICKY { default yes } } pool TEST_POOL profiles { /Common/tcp { } PRE-PROD-WEB-DMZ-Profile { } } source 0.0.0.0/0 source-address-translation { type automap } vs-index 140 ltm virtual VS_DMZEBS { destination 192.168.206.23:any ip-protocol tcp mask 255.255.255.255 partition PRPRDWEBDMZ persist { PRDWEB_STICKY { default yes } } pool PL_DMZEBS profiles { /Common/tcp { } PRE-PROD-WEB-DMZ-Profile { } } rules { UAT_DMZEBS } source 0.0.0.0/0 source-address-translation { type automap } translate-port disabled vlans { PRE-PROD-WEB-DMZ } vlans-enabled vs-index 119 Please let me know what will be irule.
- nitass
what the irule does is if host and port in url is uatebsapp1.abc.com:8060, send redirection to same uri but server1.abc.com:8060.
if host and port in url is not uatebsapp1.abc.com:8060, send request to pool member but change host and port to uatebsapp1.abc.com:8060.
you have to also map server1.abc.com to virtual server ip which is listening on port 8060.
config root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:8060 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 49 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo ltm pool foo { members { 200.200.200.101:80 { address 200.200.200.101 } } } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when HTTP_REQUEST { if { [HTTP::host] eq "uatebsapp1.abc.com:8060" } { HTTP::redirect "http://server1.abc.com:8060[HTTP::uri]" } } when HTTP_REQUEST_SEND { clientside { HTTP::header replace Host "uatebsapp1.abc.com:8060" } } } trace [root@ve11a:Active:In Sync] config ssldump -Aed -nni 0.0 port 8060 or port 80 New TCP connection 1: 172.28.24.1(51845) <-> 172.28.24.10(8060) 1404642113.4968 (0.0055) C>S --------------------------------------------------------------- GET /something HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: uatebsapp1.abc.com:8060 --------------------------------------------------------------- 1404642113.4969 (0.0000) S>C --------------------------------------------------------------- HTTP/1.0 302 Found Location: http://server1.abc.com:8060/something Server: BigIP Connection: Keep-Alive Content-Length: 0 --------------------------------------------------------------- New TCP connection 2: 172.28.24.1(51846) <-> 172.28.24.10(8060) 1404642113.5074 (0.0027) C>S --------------------------------------------------------------- GET /something HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: server1.abc.com:8060 Accept: */* --------------------------------------------------------------- New TCP connection 3: 200.200.200.14(51846) <-> 200.200.200.101(80) 1404642113.5238 (0.0162) C>S --------------------------------------------------------------- GET /something HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: uatebsapp1.abc.com:8060 Accept: */* --------------------------------------------------------------- - nitass_89166
or you may rewrite location header (e.g. from uatebsapp1.abc.com:8060 to server1.abc.com:8060) in response from pool member.
config root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:8060 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 49 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo ltm pool foo { members { 200.200.200.101:80 { address 200.200.200.101 } } } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when HTTP_REQUEST_SEND { clientside { HTTP::header replace Host "uatebsapp1.abc.com:8060" } } when HTTP_RESPONSE { if { [HTTP::status] == 302 } { HTTP::header replace Location [string map {uatebsapp1.abc.com:8060 server1.abc.com:8060} [HTTP::header Location]] } } } client [root@centos1 ~] curl -i http://172.28.24.10:8060/OA_HTML/AppsLogin -H "host: ebsdmz.abc.com:8060" HTTP/1.1 302 Found Date: Sun, 06 Jul 2014 11:21:34 GMT Server: Apache/2.2.3 (CentOS) Location: http://server1.abc.com:8060/ Content-Length: 300 Content-Type: text/html; charset=iso-8859-1 trace [root@ve11a:Active:In Sync] config ssldump -Aed -nni 0.0 port 8060 or port 80 New TCP connection 1: 172.28.24.1(51851) <-> 172.28.24.10(8060) 1404646386.7267 (0.0021) C>S --------------------------------------------------------------- GET /OA_HTML/AppsLogin HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* host: ebsdmz.abc.com:8060 --------------------------------------------------------------- New TCP connection 2: 200.200.200.14(51851) <-> 200.200.200.101(80) 1404646386.7288 (0.0019) C>S --------------------------------------------------------------- GET /OA_HTML/AppsLogin HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* host: uatebsapp1.abc.com:8060 --------------------------------------------------------------- 1404646386.7648 (0.0360) S>C --------------------------------------------------------------- HTTP/1.1 302 Found Date: Sun, 06 Jul 2014 11:21:34 GMT Server: Apache/2.2.3 (CentOS) Location: http://uatebsapp1.abc.com:8060/ Content-Length: 300 Content-Type: text/html; charset=iso-8859-1 ...snipped... --------------------------------------------------------------- 1404646386.7649 (0.0382) S>C --------------------------------------------------------------- HTTP/1.1 302 Found Date: Sun, 06 Jul 2014 11:21:34 GMT Server: Apache/2.2.3 (CentOS) Location: http://server1.abc.com:8060/ Content-Length: 300 Content-Type: text/html; charset=iso-8859-1 ...snipped... ---------------------------------------------------------------- Wasim_Hassan_13Hi, I am trying the below config but no luck user is trying http://192.168.206.24:8080 ltm virtual VS_TEST { destination 192.168.206.24:webcache ip-protocol tcp mask 255.255.255.255 partition PRPRDWEBDMZ persist { ENOC_PRDWEB_STICKY { default yes } } pool TEST_POOL profiles { /Common/tcp { } PRE-PROD-WEB-DMZ-Profile { } } source 0.0.0.0/0 source-address-translation { type automap } vs-index 140 } ltm pool TEST_POOL { members { PRE-PRD-WebServer1:http { address 192.168.206.21 session monitor-enabled state up } PRE-PRD-WebServer2:http { address 192.168.206.22 session monitor-enabled state up } } monitor EBS_UAT partition PRPRDWEBDMZ ltm rule UAT_TEST { partition PRPRDWEBDMZ when HTTP_REQUEST { if { [HTTP::host] eq "uatebsapp1.abc.com:8080" } { HTTP::redirect "http://server1.abc.com:8080[HTTP::uri]" } } when HTTP_REQUEST_SEND { clientside { HTTP::header replace Host "uatebsapp1.abc.com:8080" } } }
- nitass_89166did you assign the irule to the virtual server?
- Wasim_Hassan_13yes I have applied the irule to the VS ltm virtual VS_TEST { destination 192.168.206.24:webcache ip-protocol tcp mask 255.255.255.255 partition PRPRDWEBDMZ persist { ENOC_PRDWEB_STICKY { default yes } } pool TEST_POOL profiles { /Common/tcp { } PRE-PROD-WEB-DMZ-Profile { } } rules { UAT_TEST } source 0.0.0.0/0 source-address-translation { type automap } vs-index 140
- nitass
or you may rewrite location header (e.g. from uatebsapp1.abc.com:8060 to server1.abc.com:8060) in response from pool member.
config root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:8060 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 49 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo ltm pool foo { members { 200.200.200.101:80 { address 200.200.200.101 } } } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when HTTP_REQUEST_SEND { clientside { HTTP::header replace Host "uatebsapp1.abc.com:8060" } } when HTTP_RESPONSE { if { [HTTP::status] == 302 } { HTTP::header replace Location [string map {uatebsapp1.abc.com:8060 server1.abc.com:8060} [HTTP::header Location]] } } } client [root@centos1 ~] curl -i http://172.28.24.10:8060/OA_HTML/AppsLogin -H "host: ebsdmz.abc.com:8060" HTTP/1.1 302 Found Date: Sun, 06 Jul 2014 11:21:34 GMT Server: Apache/2.2.3 (CentOS) Location: http://server1.abc.com:8060/ Content-Length: 300 Content-Type: text/html; charset=iso-8859-1 trace [root@ve11a:Active:In Sync] config ssldump -Aed -nni 0.0 port 8060 or port 80 New TCP connection 1: 172.28.24.1(51851) <-> 172.28.24.10(8060) 1404646386.7267 (0.0021) C>S --------------------------------------------------------------- GET /OA_HTML/AppsLogin HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* host: ebsdmz.abc.com:8060 --------------------------------------------------------------- New TCP connection 2: 200.200.200.14(51851) <-> 200.200.200.101(80) 1404646386.7288 (0.0019) C>S --------------------------------------------------------------- GET /OA_HTML/AppsLogin HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* host: uatebsapp1.abc.com:8060 --------------------------------------------------------------- 1404646386.7648 (0.0360) S>C --------------------------------------------------------------- HTTP/1.1 302 Found Date: Sun, 06 Jul 2014 11:21:34 GMT Server: Apache/2.2.3 (CentOS) Location: http://uatebsapp1.abc.com:8060/ Content-Length: 300 Content-Type: text/html; charset=iso-8859-1 ...snipped... --------------------------------------------------------------- 1404646386.7649 (0.0382) S>C --------------------------------------------------------------- HTTP/1.1 302 Found Date: Sun, 06 Jul 2014 11:21:34 GMT Server: Apache/2.2.3 (CentOS) Location: http://server1.abc.com:8060/ Content-Length: 300 Content-Type: text/html; charset=iso-8859-1 ...snipped... ---------------------------------------------------------------- Wasim_Hassan_13Hi, I am trying the below config but no luck user is trying http://192.168.206.24:8080 ltm virtual VS_TEST { destination 192.168.206.24:webcache ip-protocol tcp mask 255.255.255.255 partition PRPRDWEBDMZ persist { ENOC_PRDWEB_STICKY { default yes } } pool TEST_POOL profiles { /Common/tcp { } PRE-PROD-WEB-DMZ-Profile { } } source 0.0.0.0/0 source-address-translation { type automap } vs-index 140 } ltm pool TEST_POOL { members { PRE-PRD-WebServer1:http { address 192.168.206.21 session monitor-enabled state up } PRE-PRD-WebServer2:http { address 192.168.206.22 session monitor-enabled state up } } monitor EBS_UAT partition PRPRDWEBDMZ ltm rule UAT_TEST { partition PRPRDWEBDMZ when HTTP_REQUEST { if { [HTTP::host] eq "uatebsapp1.abc.com:8080" } { HTTP::redirect "http://server1.abc.com:8080[HTTP::uri]" } } when HTTP_REQUEST_SEND { clientside { HTTP::header replace Host "uatebsapp1.abc.com:8080" } } }
- nitassdid you assign the irule to the virtual server?
- Wasim_Hassan_13yes I have applied the irule to the VS ltm virtual VS_TEST { destination 192.168.206.24:webcache ip-protocol tcp mask 255.255.255.255 partition PRPRDWEBDMZ persist { ENOC_PRDWEB_STICKY { default yes } } pool TEST_POOL profiles { /Common/tcp { } PRE-PROD-WEB-DMZ-Profile { } } rules { UAT_TEST } source 0.0.0.0/0 source-address-translation { type automap } vs-index 140
