Is there a way to keep internal web address all the time and point it to public URL? Let's say I have internal web address called honest2.company.com which has 10.10.2.35 and have public website hosted on Azure let's say abc123pqr456xyz789.azurewebsites.net and I create a VIP honest2_company_http VIP for 10.10.2.35; now anyone from my company access http://honest2.company.com for users the URL always remain as http://honest2.company.com but it will display content of abc123pqr456xyz789.azurewebsites.net Is it possible via iRule, forward or reverse proxy or any other way? Please give me some pointers or clue.

That's a fairly basic problem and I recommend you look into LTM Local Traffic policy feature for the most performance-efficient solution. However, you can also use an iRule provided below. Of course, you will also need two DNS entries - one of which is used by the general public, the other for your private LAN users/employees. when HTTP_REQUEST { if { ([HTTP::host] eq "abc123pqr456xyz789.azurewebsites.net") && (not ([class match [IP::client_addr] eq "private_net" ])) }{ HTTP::header replace Host "honest2.company.com" } }

Another important note, all HTML hyper-links and directory listings in your web-page should be RELATIVE. Otherwise, the response payload may reveal your internal HTTP host and some elements in your web-site will not load at all. External users won't be able to resolve your internal DNS name to any public IP address. Therefore, it's important the web-page has no hard-coded parts that refer to your private/internal Host name. If this criteria is not met, you will additionally need to look into using stream profiles that do similar replacements in the response payload.

Thanks Hannes for your quick reply but it gives "This page can't be displayed." when HTTP_REQUEST { if { ([HTTP::host] eq "abc123pqr456xyz789.azurewebsites.net") && (not ([class match [IP::client_addr] eq "private_net" ])) }{ HTTP::header replace Host "honest2.company.com" } } Do you see anything wrong? From my laptop I am able to hit honest2.company.com (10.10.2.35) but looks like the iRule is not able to do the magic. I am able to successfully do nslookup and get correct IPs. Any clue/help?

How to keep the internal URL in browser address bar and point to external website

Hannes_Rapp_162
Nacreous
Jul 26, 2016
That's a fairly basic problem and I recommend you look into LTM Local Traffic policy feature for the most performance-efficient solution. However, you can also use an iRule provided below. Of course, you will also need two DNS entries - one of which is used by the general public, the other for your private LAN users/employees.

when HTTP_REQUEST { if { ([HTTP::host] eq "abc123pqr456xyz789.azurewebsites.net") && (not ([class match [IP::client_addr] eq "private_net" ])) }{ HTTP::header replace Host "honest2.company.com" } }
- Hannes_Rapp_162
  Nacreous
  Jul 26, 2016
  Another important note, all HTML hyper-links and directory listings in your web-page should be RELATIVE. Otherwise, the response payload may reveal your internal HTTP host and some elements in your web-site will not load at all. External users won't be able to resolve your internal DNS name to any public IP address. Therefore, it's important the web-page has no hard-coded parts that refer to your private/internal Host name. If this criteria is not met, you will additionally need to look into using stream profiles that do similar replacements in the response payload.
- SoLucky
  Nimbostratus
  Jul 26, 2016
  Thanks Hannes for your quick reply but it gives "This page can't be displayed."
  
  when HTTP_REQUEST { if { ([HTTP::host] eq "abc123pqr456xyz789.azurewebsites.net") && (not ([class match [IP::client_addr] eq "private_net" ])) }{ HTTP::header replace Host "honest2.company.com" } }
  
  Do you see anything wrong? From my laptop I am able to hit honest2.company.com (10.10.2.35) but looks like the iRule is not able to do the magic. I am able to successfully do nslookup and get correct IPs. Any clue/help?
- Hannes_Rapp_162
  Nacreous
  Jul 26, 2016
  This iRule is correct, all it does is it takes the original HTTP Host value and replaces it with your internal HTTP host. Probably an asymmetric routing issue as you try to hit the external DNS from your internal LAN. Responses might not return via the correct path. For testing purpose, temporarily enable SNAT Automap setting in Virtual Server settings and try again. You can revert it back afterwards.
Hannes_Rapp
Nimbostratus
Jul 26, 2016
That's a fairly basic problem and I recommend you look into LTM Local Traffic policy feature for the most performance-efficient solution. However, you can also use an iRule provided below. Of course, you will also need two DNS entries - one of which is used by the general public, the other for your private LAN users/employees.

when HTTP_REQUEST { if { ([HTTP::host] eq "abc123pqr456xyz789.azurewebsites.net") && (not ([class match [IP::client_addr] eq "private_net" ])) }{ HTTP::header replace Host "honest2.company.com" } }
- Hannes_Rapp
  Nimbostratus
  Jul 26, 2016
  Another important note, all HTML hyper-links and directory listings in your web-page should be RELATIVE. Otherwise, the response payload may reveal your internal HTTP host and some elements in your web-site will not load at all. External users won't be able to resolve your internal DNS name to any public IP address. Therefore, it's important the web-page has no hard-coded parts that refer to your private/internal Host name. If this criteria is not met, you will additionally need to look into using stream profiles that do similar replacements in the response payload.
- SoLucky
  Nimbostratus
  Jul 26, 2016
  Thanks Hannes for your quick reply but it gives "This page can't be displayed."
  
  when HTTP_REQUEST { if { ([HTTP::host] eq "abc123pqr456xyz789.azurewebsites.net") && (not ([class match [IP::client_addr] eq "private_net" ])) }{ HTTP::header replace Host "honest2.company.com" } }
  
  Do you see anything wrong? From my laptop I am able to hit honest2.company.com (10.10.2.35) but looks like the iRule is not able to do the magic. I am able to successfully do nslookup and get correct IPs. Any clue/help?
- Hannes_Rapp
  Nimbostratus
  Jul 26, 2016
  This iRule is correct, all it does is it takes the original HTTP Host value and replaces it with your internal HTTP host. Probably an asymmetric routing issue as you try to hit the external DNS from your internal LAN. Responses might not return via the correct path. For testing purpose, temporarily enable SNAT Automap setting in Virtual Server settings and try again. You can revert it back afterwards.

Vijay_E

Cirrus

Jul 27, 2016

Try something like this example:

when HTTP_REQUEST {
if { [HTTP::host] contains "abcd.com" } {
HTTP::host [string map {abcd.com xyz.com} [HTTP::host]] 
}
}

when HTTP_RESPONSE {
if { [HTTP::header values Location] contains "xyz.com" } {
HTTP::header replace Location [string map {xyz.com abcd.com} [HTTP::header value Location]]
}
}

ekaleido_26616
Cirrocumulus
Jul 27, 2016
Can't you just create an A record for honest2.company.com pointed at 10.10.2.35 and call it a day? It feels like we're greatly overthinking this. Make the pool member the actual IP of the real webserver and configure the webserver to handle requests for honest2.company.com. There is no need for iRules here as best I can tell.
- SoLucky
  Nimbostratus
  Jul 28, 2016
  I know and I feel the same but we don't have pool (or any pool member) and need to use it as proxy, I hope it make sense.
- ekaleido_26616
  Cirrocumulus
  Jul 28, 2016
  Create a pool, make the external server the sole member. You're now proxying, users see the URL you want them to see, and you don't have to use an iRule.
- SoLucky
  Nimbostratus
  Jul 29, 2016
  I did what you said but it still displays azure URL.
ekaleido
Cirrus
Jul 27, 2016
Can't you just create an A record for honest2.company.com pointed at 10.10.2.35 and call it a day? It feels like we're greatly overthinking this. Make the pool member the actual IP of the real webserver and configure the webserver to handle requests for honest2.company.com. There is no need for iRules here as best I can tell.
- SoLucky
  Nimbostratus
  Jul 28, 2016
  I know and I feel the same but we don't have pool (or any pool member) and need to use it as proxy, I hope it make sense.
- ekaleido
  Cirrus
  Jul 28, 2016
  Create a pool, make the external server the sole member. You're now proxying, users see the URL you want them to see, and you don't have to use an iRule.
- SoLucky
  Nimbostratus
  Jul 29, 2016
  I did what you said but it still displays azure URL.

Forum Discussion

How to keep the internal URL in browser address bar and point to external website

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Create isolated environment for internal and external networks

CSV to Address External Datagroup File

2 internal server vlans

F5 BIG-IP and NGINX - Securing Your AWS VPC Lattice Applications for External Clients

[Workaound] User required to manually start EPI and VPN in browsers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS