For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Shlairshe_84486's avatar
Shlairshe_84486
Icon for Nimbostratus rankNimbostratus
Jan 13, 2015

Incorporating a header rewrite for security purposes

Hi All, 

  I have been able to make the i-rule work for the purpose it is intended for. However, there is one more thing I have not been able to get to work.

when HTTP_REQUEST { set req [string tolower [HTTP::uri]] if { $req starts_with "/lodi"

} {HTTP::redirect "https://TESTSERVER:8080/lodi/home"} use pool Test_Svrtier_Pool if { $req starts_with "/walking"} { HTTP::redirect "http://TESTSERVER2:8080/BOB/CAT" } }

Question: I am trying to incorporate in the above stated irule such that, if a user access an url http://x.x.x.x/lodi , the user is redirected to the site "http://TESTSERVER:8080/lodi/home", this work perfectly fine now with no problems.

My problem is, I want to be able to rewrite or replace the string TESTSERVER in the url with a different string (let say for example purposes the string is LIBRARY), such that the final page will end up looking like "https://LIBRARY:8080/lodi/home".

In effect, I am trying to hide the name of the real server which is TESTSERVER, and replace it with the name LIBRARY , when the page finally executes. This is for security purposes.

Secondly, will the new name LIBRARY have to be part of DNS for this to work , I was thinking , it could just be replaced.

application delivery
devops
iRules

6 Replies

  • Brad_Parker_139's avatar
    Brad_Parker_139
    Icon for Nacreous rankNacreous
    Jan 13, 2015

    If you TESTSERVER(2) servers are defined as nodes and reachable via the LTM you could just do a rewite with a node selection rather than a redirect.

    when HTTP_REQUEST {
    set req [string tolower [HTTP::uri]]
    if { $req starts_with "/lodi" } {
        node  8080
        HTTP::uri /lodi/home
    }
    elseif { $req starts_with "/walking"} { 
        node  8080
        HTTP::uri /BOB/CAT
    }
    pool Test_Svrtier_Pool
}

    Also, I'm not quite sure why you had the 

    use pool Test_Svrtier_Pool
    between your IF statements so I put it at the end. Also, unless you are still running BigIP 4.x you don't need the 
    use
    command.

    • Shlairshe_84486's avatar
      Shlairshe_84486
      Icon for Nimbostratus rankNimbostratus
      Jan 13, 2015
      Thank Brad, I have not yet tested it but regarding the statement node 8080 Can this be replaced with a pool instead of server port ?
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Jan 13, 2015

    If you TESTSERVER(2) servers are defined as nodes and reachable via the LTM you could just do a rewite with a node selection rather than a redirect.

    when HTTP_REQUEST {
    set req [string tolower [HTTP::uri]]
    if { $req starts_with "/lodi" } {
        node  8080
        HTTP::uri /lodi/home
    }
    elseif { $req starts_with "/walking"} { 
        node  8080
        HTTP::uri /BOB/CAT
    }
    pool Test_Svrtier_Pool
}

    Also, I'm not quite sure why you had the 

    use pool Test_Svrtier_Pool
    between your IF statements so I put it at the end. Also, unless you are still running BigIP 4.x you don't need the 
    use
    command.

    • Shlairshe_84486's avatar
      Shlairshe_84486
      Icon for Nimbostratus rankNimbostratus
      Jan 13, 2015
      Thank Brad, I have not yet tested it but regarding the statement node 8080 Can this be replaced with a pool instead of server port ?