Forum Discussion
How to Forward traffic via F5
- Jul 19, 2022
Hello RAQS,
Sorry for the late response, but I'm on holiday.
Taking into account your backend server is outside of your network (in Cloud), these are your chances:
1. Using redirection.
---------- |--------| | Client |---------- GET https://api-q.abc.com... ----------->| F5 | | |<-- 302 Redirect (https://cp.api.us01a.xyz.com...)--| | ---------- |--------| |--------| |--------| | Client |------- GET https://cp.api.us01a.xyz.com... ------->| Cloud | | |<---------------------- 200 OK ---------------------| Server | |--------| |--------|
The redirection will occur transparently for the client, but the URL in the browser will change.
2. Using rewrite profile ( + policy for selecting a different pool)
---------- |--------| | Client |---------- GET https://api-q.abc.com... ----------->| F5 | | |<---------------------- 200 OK ---------------------| | ---------- |--------| |--------| |--------| | F5 |------- GET https://cp.api.us01a.xyz.com... ------->| Cloud | | |<---------------------- 200 OK ---------------------| Server | |--------| |--------|
The F5 will receive the query from the client and will replace the host header and URI. This implies that F5 has to reach the cloud server in order to serve the service.
If this resource requires to use of a different backend server different than the default one, you can configure a policy to change the pool (to your Cloud Server) when the URL matches "https://api-q.abc.com:443/lontools-java".
3. Using iRules (not so efficient as point 2, but also feasible)
when HTTP_REQUEST { if { [HTTP::host] eq "api-q.abc.com"}{ if { [HTTP::uri] contains "lontools-java"} { HTTP::header replace Host "cp.api.us01a.xyz.com" HTTP::uri "/qiontools-java" pool test_pool } } }
Using the previous iRule, the host header, the URI, and the pool will change when the condition matches.
This is simple to configure and test, but take into account that only the request packet will be replaced, if you need to modify some of the content of the cloud server, you will need to use a rewrite profile (or dig into the payload using iRules).
If this was helpful, please, don't forget to rate my answer as resolved or gimme some upvotes.
Hello RAQS.
There are many examples of dealing with reverse proxy solutions in DC.
For example, with iRule you can do something like this:
https://community.f5.com/t5/technical-forum/simple-reverse-proxy-with-irules/m-p/226860
But take into account that, depending on your application, you could need to replace the hostname in the REQUEST and the RESPONSE (location header). That's the reason I prefer to use a rewrite profile instead.
Thanks for your time and Parience Dario. So i applied http rewrite policy, but when i apply it site goes down.
There are some dynamic values in URI. Is that making any differences ?
Regards,
Raqs
- Jul 02, 2022
Hello RAQS.
It's hard to know what is failing because each website is completely different.
Your chance is to use iRules to troubleshoot what is being rewritten and what not.
Capturing traffic with tcpdump + decrypting ssl (https://support.f5.com/csp/article/K12783074) is always a great deal.
- RAQSJul 02, 2022Cirrus
Hi Dario,
Really appreciate your time and patience with me. Thanks for all your effort. I took capture and what i oserved that F5 is rewriting host but it is communicating to backend member instead of redirecting.
WIth Irule it is not communicating with backend member.
Note :- Rediected URL is not hosted in F5. Its in AWS.
Do i need to do some modifucation in rewrite policy or this can not be possible with F5 ?
- Jul 09, 2022
Hello RAQS.
I think you are mixing concepts.
- Redirecting (302 response) - it points the client to a new website, this access is not masked, the client will see the new URL in him/her browser.
- Rewriting (200 response) - the F5 manage both flows of the connection and the access is completely masked.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com