Forum Discussion
RAQS
Cirrus
CirrusHow to Forward traffic via F5
Hi Team,
I need to forwrad tha traffic based on URI from one domain to another and this should not visible in browser.
For ex:- When user hit "https://api-q.abc.com:443/lontools-java" then F5 should forward the traffic to " https://cp.api.us01a.xyz.com/qiontools-java" and user should not able to see this change in URL in browser. For user it will remain same as "https://api-q.abc.com:443/lontools-java".
Regards,
RAQS
Hello RAQS,
Sorry for the late response, but I'm on holiday.
Taking into account your backend server is outside of your network (in Cloud), these are your chances:
1. Using redirection.
---------- |--------| | Client |---------- GET https://api-q.abc.com... ----------->| F5 | | |<-- 302 Redirect (https://cp.api.us01a.xyz.com...)--| | ---------- |--------| |--------| |--------| | Client |------- GET https://cp.api.us01a.xyz.com... ------->| Cloud | | |<---------------------- 200 OK ---------------------| Server | |--------| |--------|The redirection will occur transparently for the client, but the URL in the browser will change.
2. Using rewrite profile ( + policy for selecting a different pool)
---------- |--------| | Client |---------- GET https://api-q.abc.com... ----------->| F5 | | |<---------------------- 200 OK ---------------------| | ---------- |--------| |--------| |--------| | F5 |------- GET https://cp.api.us01a.xyz.com... ------->| Cloud | | |<---------------------- 200 OK ---------------------| Server | |--------| |--------|The F5 will receive the query from the client and will replace the host header and URI. This implies that F5 has to reach the cloud server in order to serve the service.
If this resource requires to use of a different backend server different than the default one, you can configure a policy to change the pool (to your Cloud Server) when the URL matches "https://api-q.abc.com:443/lontools-java".
3. Using iRules (not so efficient as point 2, but also feasible)
when HTTP_REQUEST { if { [HTTP::host] eq "api-q.abc.com"}{ if { [HTTP::uri] contains "lontools-java"} { HTTP::header replace Host "cp.api.us01a.xyz.com" HTTP::uri "/qiontools-java" pool test_pool } } }Using the previous iRule, the host header, the URI, and the pool will change when the condition matches.
This is simple to configure and test, but take into account that only the request packet will be replaced, if you need to modify some of the content of the cloud server, you will need to use a rewrite profile (or dig into the payload using iRules).
If this was helpful, please, don't forget to rate my answer as resolved or gimme some upvotes.
Hello RAQS,
You can get this using a rewrite profile
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-12-1-0/17.html
RAQSHi Dario/All,
Do we have anything as HTTP :: Forward in F5 instaed of redirect.
If so what will be the difference between forward and redirect of a URL.
Please help me in acheiving this.
Regards,
RAQS
Hello RAQS.
There are many examples of dealing with reverse proxy solutions in DC.
For example, with iRule you can do something like this:
https://community.f5.com/t5/technical-forum/simple-reverse-proxy-with-irules/m-p/226860But take into account that, depending on your application, you could need to replace the hostname in the REQUEST and the RESPONSE (location header). That's the reason I prefer to use a rewrite profile instead.
- RAQS
Thanks for your time and Parience Dario. So i applied http rewrite policy, but when i apply it site goes down.
There are some dynamic values in URI. Is that making any differences ?
Regards,
Raqs
Hello RAQS.
It's hard to know what is failing because each website is completely different.
Your chance is to use iRules to troubleshoot what is being rewritten and what not.
Capturing traffic with tcpdump + decrypting ssl (https://support.f5.com/csp/article/K12783074) is always a great deal.
