Forum Discussion
lisiecki_54902
Nimbostratus
Jun 09, 2009
https redirect to pool based on uri
I have looked through many examples. I receive an https request and I need to forward to a pool based on uri:
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/thing1" } {
pool thing1
}
if { [HTTP::uri] starts_with "/thing2" } {
pool thing2
}
}
The syntax is accepted, the pools are created and I can get a valid web page if I go directly to the servers.
Any pointers would be appreciated.
Thank-you
8 Replies
- The_Bhattman
Nimbostratus
Are you passing the SSL traffic or does it terminate on the F5?
If you are, you might want to re-code it to look something like the following:
when HTTP_REQUEST {
   switch -glob [HTTP::uri] {
      "/thing1*" { pool thing1 }
      "/thing2*" { pool thing2 }
   }
}
or
when HTTP_REQUEST {
   if { [HTTP::uri] starts_with "/thing1" } {
      pool thing1
   } elseif { [HTTP::uri] starts_with "/thing2" } {
      pool thing2
   }
}
Hope this helps
CB
- lisiecki_54902
Nimbostratus
First, Thank-you for the reply.
I am terminating SSL. Can I add a port to the request before I forward to the pool?
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/thing1" }
****HTTP::redirect "[HTTP::uri]:1080" ******
{ pool thing1 }
elseif
{ [HTTP::uri] starts_with "/thing2" }
{ pool thing2 }
}
- Colin_Walker_12
Historic F5 Account
Yep, you sure can. Just make sure you're adding the port after the host, not after the URI.
Colin
- lisiecki_54902
Nimbostratus
I need to take an https request, terminate the SSL and forward to a pool.
My problem is that it is a SUN app server, I need to send the forwarded uri with the port. Rather than a redirect statement I need to forward.
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/thing1" }
***rewrite url to be *** http://a.b.c:1081/thing1
Is this possible?
{ pool thing1 }
elseif
{ [HTTP::uri] starts_with "/thing2" }
{ pool thing2 }
}
- JRahm
Admin
So just to clarify, you have a virtual that is x.x.x.x:443, you are terminating ssl on this virtual, and then you want to forward the unencrypted requests, with uri intact, to y.y.y.z:1081 pool members? If that is the case, just define your pool members with the desired port and let the LTM translate the port for you (it will by the default parameters in the virtual/pool configurations). So you would define your pool members as:
x.x.x.x:1081
x.x.x.y:1081
x.x.x.z:1081
Then, in your rule, you just need to select the pool based on path. Either of cmbhatt's examples above will work.
- lisiecki_54902
Nimbostratus
Thanks, I have it configured as stated and my tcpdump shows the translation. I just opened a case. I'm running 9.3.0.
I am terminating an ssl request-
https://neuidm.neu.edu/opensso
I am forwarding to a pool on port tcp 1080
If I go directly to the server I get your server is up page
http://155.33.17.225:1080
If I add the /opensso to the request, I get the app
http://155.33.17.225:1080/opensso
When I go through the F5 I get a 404 page from the Sun server
tcpdump from F5
09:27:43.450415 155.33.17.45.https > 129.10.31.120.3426: P 1:123(122) ack 103 win 4482 (DF)
09:27:43.451755 129.10.31.120.3426 > 155.33.17.45.https: P 103:146(43) ack 123 win 65413 (DF)
09:27:43.451786 155.33.17.45.https > 129.10.31.120.3426: . ack 146 win 4482 (DF)
09:27:43.533565 129.10.31.120.3426 > 155.33.17.45.https: P 146:747(601) ack 123 win 65413 (DF)
09:27:43.533779 155.33.17.45.3426 > 155.33.17.225.socks: S 172991093:172991093(0) win 4380 (DF)
09:27:43.534079 155.33.17.225.socks > 155.33.17.45.3426: S 78093930:78093930(0) ack 172991094 win 49640 (DF)
09:27:43.534097 155.33.17.45.3426 > 155.33.17.225.socks: . ack 1 win 4380 (DF)
09:27:43.534110 155.33.17.45.3426 > 155.33.17.225.socks: P 1:594(593) ack 1 win 4380 (DF)
09:27:43.534372 155.33.17.225.socks > 155.33.17.45.3426: . ack 594 win 49047 (DF)
09:27:43.542258 155.33.17.225.socks > 155.33.17.45.3426: P 1:1228(1227) ack 594 win 49640 (DF)
09:27:43.542417 155.33.17.45.https > 129.10.31.120.3426: P 123:1421(1298) ack 747 win 5126 (DF)
09:27:43.641669 155.33.17.45.3426 > 155.33.17.225.socks: . ack 1228 win 5607 (DF)
09:27:43.654722 129.10.31.120.3426 > 155.33.17.45.https: . ack 1421 win 64115 (DF)
- lisiecki_54902
Nimbostratus
solution,
thanks for the help from the forum and support, while the F5 will send to the port, the Sun App server needs to see the port in the header.
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/thing1" } {
HTTP::header replace Host a.b.c:1082
pool thing1pool
}
if { [HTTP::uri] starts_with "/thing2" } {
HTTP::header replace Host a.b.c:1080
pool thing2pool
}
if { [HTTP::uri] equals "/" } {
HTTP::redirect https://a.b.c/thing1
} elseif { [string tolower [HTTP::host]] equals "a.b.c"} {
HTTP::header replace Host a.b.c:1080
pool thing2pool
}
}
- hoolio
Cirrostratus
You can save resources by not checking further options once one match is done. You can do this by using if/elseif/else logic or a switch statement:
when HTTP_REQUEST {
   # Check requested path with wildcard support
   switch -glob [HTTP::path] {
      "/thing1*" {
         # Rewrite host header value and select pool
         HTTP::header replace Host a.b.c:1082
         pool thing1pool
      }
      "/thing2*" {
         # Rewrite host header value and select pool
         HTTP::header replace Host a.b.c:1080
         pool thing2pool
      }
      "/" {
         # Redirect client
         HTTP::redirect "https://a.b.c/thing1"
      }
      default {
         # Rewrite host header value and select pool
         HTTP::header replace Host a.b.c:1080
         pool thing2pool
      }
   }
}
Aaron
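Added example, not part of the thread or anyone's posted code: the `switch -glob` patterns used above are bare prefix matches, so `/thing1*` also selects the thing1 pool for a path such as `/thing10/report`. The plain Tcl below (runs under tclsh, not on the LTM) compares that with patterns that stop at a path-segment boundary; `route_prefix`, `route_segment` and the sample paths are hypothetical.

```tcl
# Added example, plain Tcl for tclsh; not an iRule and not code from the thread.
# route_prefix and route_segment are hypothetical helpers that return the
# pool and Host value the switch would pick for a request path.

# Patterns as posted in the thread: "/thing1*" is a bare prefix match.
proc route_prefix {path} {
    switch -glob -- $path {
        "/thing1*" { return [list thing1pool a.b.c:1082] }
        "/thing2*" { return [list thing2pool a.b.c:1080] }
        "/"        { return [list redirect https://a.b.c/thing1] }
        default    { return [list thing2pool a.b.c:1080] }
    }
}

# Same routing, but a match must end at a path-segment boundary.
proc route_segment {path} {
    switch -glob -- $path {
        "/thing1" -
        "/thing1/*" { return [list thing1pool a.b.c:1082] }
        "/thing2" -
        "/thing2/*" { return [list thing2pool a.b.c:1080] }
        "/"         { return [list redirect https://a.b.c/thing1] }
        default     { return [list thing2pool a.b.c:1080] }
    }
}

# Constructed sample paths; print both decisions and flag disagreements.
foreach p {/thing1 /thing1/login /thing10/report /thing2 /thing2old / /other} {
    set a [route_prefix $p]
    set b [route_segment $p]
    set flag [expr {$a eq $b ? "" : "  <-- differs"}]
    puts [format "%-16s prefix=%-28s segment=%s%s" $p $a $b $flag]
}
```

The `"/thing1" -` form is standard Tcl `switch` fall-through, so the same pair of patterns can be dropped into the iRule's `switch -glob [HTTP::path]` block unchanged.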