raj_Kumar_19166
Feb 11, 2016

HTTPS to HTTP redirection from three external web urls to internal web urls using F5 as a reverse proxy

We have three external web URLs which will come on our frontend F5 and need to redirect to internal web URLs and use it as a reverse proxy.

External URLs: https://site3Ex.com Internal URLs: http://site3In.com

Redirection should be as below. Traffic will be coming from 443 on the single virtual server (public IP) and internal web URLs will work on different ports 8080, 8082 and 8083.

https://site1Ex.com -> http://site1In.com:8080

https://site2Ex.com -> http://site2In.com:8081

https://site3Ex.com -> http://site3In.com:8082

How can we make an iRule so it will work? Also, please confirm where we will define the internal web URLs on F5.

Below are the internal web URL IP addresses:

http://site1In.com:8080 : 172.16.46.32

http://site2In.com:8081 : 172.16.40.253

http://site3In.com:8082 : 172.16.40.201

7 Replies

  • An easy approach:

    1. Create a separate pool for each site

      pool1 contains 172.16.46.32:8080
      pool2 contains 172.16.40.253:8081
      pool3 contains 172.16.40.201:8082
      
    2. Create an iRule

      when HTTP_REQUEST {
          switch [string tolower [HTTP::host]] {
              "site1ex.com" {
                  pool pool1
                  HTTP::host "site1in.com"
              }
              "site2ex.com" {
                  pool pool2
                  HTTP::host "site2in.com"
              }
              "site3ex.com" {
                  pool pool3
                  HTTP::host "site3in.com"
              }
          }
      }
      
    3. Apply the iRule and client SSL profile to the VIP

  • Do all of the external sites work on the same IP or are they all discrete VIPs? If they are all discrete then it looks like adding the internal address as a pool member would do it (assuming you enable port address translation). If they are all on the same VIP then there are several ways to do it, either using a datagroup or a case select (to make it easier to add more in the future), something like:

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::host]] {
            "siteex1.com" {
                node 172.16.46.32 8080
            }
            "siteex2.com" {
                node 172.16.40.253 8081
            }
            "siteex3.com" {
                node 172.16.40.201 8082
            }
        }
    }

  • Thanks Lee and Kevin for providing the information.

    Lee, all of the external sites work on the same IP (it's only a single VIP).

    Could you please confirm how we can make a data group for this requirement?

    We will use Source Address Translation: Auto Map, and we will enable both Address Translation and Port Translation inside the VIP.

    Or will the iRule below (which you mentioned) work without a data group?

    switch -glob [string tolower [HTTP::host]] {
        "siteex1.com" {
            node 172.16.46.32 8080
        }
        "siteex2.com" {
            node 172.16.40.253 8081
        }
        "siteex3.com" {
            node 172.16.40.201 8082
        }
    }

    What is the best solution for this requirement? Please confirm.

  • My solution works without a datagroup. We've used datagroups in the past, but only when we have a high volume of external to internal name mappings or where there was a lot of additions/deletions and we needed to do it quickly without altering the iRule.
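
Added example, not part of any reply in this thread: a data-group version of the host-to-pool mapping discussed above. The data group name `host_to_backend` and its record layout are assumptions; the pool names and hostnames are the ones used in the thread. Unlike the switch examples, it answers requests for unlisted hosts with a 404 instead of letting them fall through to whatever default pool the virtual server has.

```tcl
# Constructed data group (tmsh syntax); the name host_to_backend is hypothetical.
# Each record maps an external Host value to "<pool> <internal Host header>".
#
# ltm data-group internal host_to_backend {
#     records {
#         site1ex.com { data "pool1 site1in.com" }
#         site2ex.com { data "pool2 site2in.com" }
#         site3ex.com { data "pool3 site3in.com" }
#     }
#     type string
# }

when HTTP_REQUEST {
    # Normalise the Host header: lower-case it and drop any ":port" suffix.
    set host [getfield [string tolower [HTTP::host]] ":" 1]

    # Exact-match lookup; returns an empty string when the host is not listed.
    set entry [class match -value $host equals host_to_backend]

    if { $entry eq "" } {
        # Unknown or missing Host: answer here rather than forwarding it.
        HTTP::respond 404 content "Not Found" "Connection" "close"
        return
    }

    # Split "<pool> <internal host>" and route the request.
    pool [lindex $entry 0]
    HTTP::header replace Host [lindex $entry 1]
}
```

Adding or removing a site then only means editing the data group records; the iRule itself stays unchanged.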

     

  • Thanks Lee for the solution. Indeed, your solution will work.

    What load balance method will be used in the pool when I use your solution?

    switch -glob [string tolower [HTTP::host]] {
        "siteex1.com" { node 172.16.46.32 8080 }
        "siteex2.com" { node 172.16.40.253 8081 }
        "siteex3.com" { node 172.16.40.201 8082 }
    }

    Then does it need to use a pool or not? Or will I create the node directly? I have one more doubt: if in future we want to add an internal server to load balance (for site1in.com), then how will we add the server and how will F5 decide to balance the load (if there is any load balance method, please confirm)?


  • if in future we want to add internal server to load balance(for site1in.com) then how we will add the server and how F5 will decide to balance load (if any load balance method please confirm)

    This is why you'd use a pool instead of a node. With a pool designation you can simply add members to the pool without modifying the iRule.

    You also don't technically need the "-glob" option in the switch, since you're not searching for any wildcard values.


  • Thanks Kevin, I got the solution.

    Create a separate pool for each site

      pool1 contains 172.16.46.32:8080
      pool2 contains 172.16.40.253:8081
      pool3 contains 172.16.40.201:8082

    Create an iRule

      when HTTP_REQUEST {
          switch [string tolower [HTTP::host]] {
              "site1ex.com" {
                  pool pool1
                  HTTP::host "site1in.com"
              }
              "site2ex.com" {
                  pool pool2
                  HTTP::host "site2in.com"
              }
              "site3ex.com" {
                  pool pool3
                  HTTP::host "site3in.com"
              }
          }
      }

    It's fine for me.