Forum Discussion

Mahmoud_Eldeeb_'s avatar
Mahmoud_Eldeeb_
Icon for Cirrostratus rankCirrostratus
Sep 11, 2014

how to redirect from port to another port and to hide the port from the url of client side?

client should type abc.xyz , should be redirected to https://abc.xyz, however server is listening to abc.xyz:9000, client shouldn't see port 9000. so how to redirect http to https with adding port a hidden port 9000?

 

  • At a minimum you need the following things:

     

    1. A standard port 80 (HTTP) VIP with nothing but an HTTP profile and the built-in HTTP-to-HTTPS redirect iRule. This will take all requests coming to the VIP and redirect them to the 443 VIP.

       

    2. A standard port 443 (HTTPS) VIP that load balances your pool of servers listening on port 9000. Apply an HTTP profile, a client SSL profile, and the pool. If the server requires encryption, then also apply a server SSL profile. A standard VIP enables port translation by default, so the client's HTTPS port 443 traffic will translated to port 9000 for server side consumption.

       

    In most cases that should be enough. There are somewhat rare instances where the server needs to see the port in the Host header (ex. server1.example.com:9000), in which case you can add it via an iRule. There are cases where the server may send references to local content (ex. images, css, js, other HTML documents, etc.) and use this internal name:port URL. You can use an iRule here as well to modify the response headers and payload. And finally, there's also a case where the server can send redirects to itself and use http:// (if it's not encrypted) in the redirect Location header. For this you can enable Redirect Rewrite in the HTTP profile to automagically change the URL to https:// on its way to the client.

     

  • actually after redirecting to https it siad "This webpage is not available"

     

    Yes, but did you see any traffic going to the web server? Does the web server require encryption? If you go to it directly, do you type http://server-url:9000, or https://server-url:9000?

     

  • how to do this iRule, to add port 9000

    You mean how to add ":9000" to the Host header? You could something like this:

    when HTTP_REQUEST {
        HTTP::header replace Host "[HTTP::host]:9000"
    }
    

    But this is being done under the assumption that the server just needs to see :9000 in the Host header. The pool and port translation are actually sending the traffic to the servers on port 9000.

  • Hey Kevin,

     

    We have very similar requirements for one of our clients. where back-end application servers are on 8096 port and VS is on 443. yes we do SSL offloading. we are able to access main page of the application But when we click on one button it redirects to different port and we want that client browser should not send request to VS on 8096 when we click on that button and instead of that client browser should send request to 443. So how to hide this port translation. Any suggestions??

     

  • Hey Kevin,

     

    We have very similar requirements for one of our clients. where back-end application servers are on 8096 port and VS is on 443. yes we do SSL offloading. we are able to access main page of the application But when we click on one button it redirects to different port and we want that client browser should not send request to VS on 8096 when we click on that button and instead of that client browser should send request to 443. So how to hide this port translation. Any suggestions??

     

  • There a number of ways that an application can create a redirect, and an equal number of ways to address this. Do you know how the redirect is created? Is it a standard 30x redirect with Location header?

     

  • If it's a 302, then you're simply looking for a Location header in the response:

    when HTTP_RESPONSE {
        if { ( [HTTP::header exists Location] ) and ( [HTTP::header Location] contains ":8096" ) } {
             this is an internal redirect - change it
            HTTP::header replace Location "https://somewhere.else.com"
        }
    }
    

    You'd only need a STREAM profile and iRule if the :8096 redirect was part of the response payload (body not header).

  • You probably still need the other code to catch any 30x redirects, but you also need a STREAM profile to catch and replace any payload data - which is where the HTML form is. Add an empty STREAM profile to the virtual server and an iRule like this:

     

    when HTTP_REQUEST {
        HTTP::header remove Accept-Encoding
        STREAM::disable
    }
    when HTTP_RESPONSE {
        if { ( [HTTP::header exists Location] ) and ( [HTTP::header Location] contains ":8096" ) } {
            HTTP::header replace Location "https://auraservice.techmahindra.com"
        }
    
        if { [HTTP::header Content-Type] contains "text" } {
            STREAM::expression {@https://auraservice.techmahindra.com:8096@https://auraservice.techmahindra.com@}
            STREAM::enable
        }
    }
  • I got it.. i used following Irule and it is working fine for me...

    when HTTP_REQUEST { HTTP::header remove Accept-Encoding

    STREAM::disable }

    when HTTP_RESPONSE { Disable the stream filter for server responses STREAM::disable Enable the stream filter for text responses only if {[HTTP::header value Content-Type] contains "text"}{

       Replace 'old_text' with 'new_text'
      STREAM::expression {@https://auraservice.techmahindra.com:8096/aura.asmx/a_write@https://auraservice.techmahindra.com/aura.asmx/a_write@}
       Enable the stream filter for this response only
      STREAM::enable
    

    } }

  • when HTTP_REQUEST {
    HTTP::header remove Accept-Encoding
    STREAM::disable
    }
    when HTTP_RESPONSE {
        Disable the stream filter for server responses
       STREAM::disable
        Enable the stream filter for text responses only
       if {[HTTP::header value Content-Type] contains "text"}{
        Replace 'old_text' with 'new_text'
       STREAM::expression {@https://auraservice.techmahindra.com:8096/aura.asmx/a_write@https://auraservice.techmahindra.com/aura.asmx/a_write@}
           Enable the stream filter for this response only
          STREAM::enable
       }
    }