Forum Discussion
Irule direct traffic to external site
Traffic arrives at an existing VIP www.mycompany.com/pay1
When the URI is pay1, I have to send a connection to an external web site
"*pay1" {
set dest_host [RESOLV::lookup @8.8.8.8 "www.externalsite.com"]
}
HTTP::uri "/merchant.jsp"
}
HTTP::header replace host $dest_host
node $dest_host 443
External site recently changed their process to no longer allow IP address connections, the issue
is that I cannot figure out how to forward the required traffic to the external site via the irule.
I think that this is how the F5 is sending the external traffic, and this gives me an error.
curl --header 'Host: www.externalsite.com' https://192.168.1.1/merchant.jsp
THis works as expected via curl
curl -kv https://www.externalsite.com/merchant.jsp
Any bright ideas how to modify the irule to allow the connection as per the bottom section?
Tried this and it didn't work
HTTP::header replace host www.externalsite.com
node $dest_host 443
do not want to hardcode the IP's in the irule.
- MaximPCirrus
I think that this is how the F5 is sending the external traffic, and this gives me an error.
curl --header 'Host: www.externalsite.com' https://192.168.1.1/merchant.jsp
What kind of error do you receive?
I guess you have to provide hostname not only in host header but in TLS SNI field too. SNI extention allows server to show proper certificate depends on target hostname.
Here you can find the IRULE to inject SNI into server-side connection https://support.f5.com/csp/article/K41600007
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com