Forum Discussion
IRule for reverse proxy with http rewrite
Hi guys,
I need to use F5 like a reverse proxy. My company would like to have clients connect the our company URL and be redirected to an externally hosted website but have the traffic come back through the F5 back to the client. My company wants the redirect to be transparent to the client. Here are some examples of what i need.
company sitehttp://www.opco.com/jobs/apply external sitehttp://newsite.com/apply
company sitehttp://www.opco.com//jobs/apply/resume-thanks external sitehttp://newsite.com/thankyou
company sitehttp://www.opco.com/jobs/privacy external sitehttp://newsite.com/privacy
company sitehttp://www.opco.com/jobs/terms external sitehttp://newsite.com/terms
Any help would be greatly appreciated.
Thanks
7 Replies
- Kevin_Stewart
Employee
Well, technically you cannot perform an HTTP redirect and be transparent to the client. The very nature of an HTTP redirect involves the client. In order to be transparent, and perhaps the only way, is to (reverse) proxy access to that external site through your F5. You would define that external site as either a node or its own pool. Then you could do something like this:
when CLIENT_ACCEPTED { set default_pool [LB::server pool] } when HTTP_REQUEST { switch [string tolower [HTTP::uri]] { "/jobs/apply" { HTTP::uri "/apply" pool newsite-pool } "/jobs/apply/resume-thanks" { HTTP::uri "/thankyou" pool newsite-pool } "/jobs/privacy" { HTTP::uri "/privacy" pool newsite-pool } "/jobs/terms" { HTTP::uri "/terms" pool newsite-pool } default { pool $default_pool } } }You'll probably also want to have a OneConnect profile applied to the VIP.
- nitass
in addition, you may also have to replace the host header.
HTTP::header replace Host newsite.com Should I add the Header line at the beginning or end of the other commands?
- Kevin_Stewart
Should I add the Header line at the beginning or end of the other commands?
It won't matter.
My company has modified the request. This is what they want now.
company site http://www.opco.com/jobs/apply external site http://newsite.com/mobileapply/opco
company site http://www.opco.com//jobs/apply/resume-thanks external site http://newsite.com/mobilethankyou/opco
company site http://www.opco.com/jobs/privacy external site http://newsite.com/mobileprivacy/opco
company site http://www.opco.com/jobs/terms external site http://newsite.com/mobileterms/opco
I modified the irule from above to this:
when CLIENT_ACCEPTED { set default_pool [LB::server pool] } when HTTP_REQUEST { switch [string tolower [HTTP::uri]] { "/jobs/apply" { HTTP::uri "/mobileapply/opco/" pool cbmserver.com } "/jobs/apply/resume-thanks" { HTTP::uri "/mobilethankyou/opco" pool cbmserver.com } "/jobs/privacy" { HTTP::uri "/mobileprivacy/opco" pool cbmserver.com } "/jobs/terms" { HTTP::uri "/mobileterms/opco" pool cbmserver.com } default { pool $default_pool } } }
When I test it, the URI changes to mobileapply/opco instead of staying jobs/apply and doesn't open the page.
When i try to add HTTP::header replace Host newsite.com, i get an error when i click the update button.
- nitass
i think the irule does exactly what they want but it may have another redirection they do not know.
to prove, the following is my testing. you can see host header and uri are already changed.
to further investigation, you may try tcpdump on bigip and http analyzer tool such as httpfox.
config root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 33 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool cbmserver.com ltm pool cbmserver.com { members { 200.200.200.111:80 { address 200.200.200.111 } } } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when CLIENT_ACCEPTED { set default_pool [LB::server pool] } when HTTP_REQUEST { switch [string tolower [HTTP::uri]] { "/jobs/apply" { HTTP::header replace Host newsite.com HTTP::uri "/mobileapply/opco/" pool cbmserver.com } "/jobs/apply/resume-thanks" { HTTP::header replace Host newsite.com HTTP::uri "/mobilethankyou/opco" pool cbmserver.com } "/jobs/privacy" { HTTP::header replace Host newsite.com HTTP::uri "/mobileprivacy/opco" pool cbmserver.com } "/jobs/terms" { HTTP::header replace Host newsite.com HTTP::uri "/mobileterms/opco" pool cbmserver.com } default { pool $default_pool } } } } trace [root@ve11a:Active:In Sync] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 172.28.24.1(42623) <-> 172.28.24.10(80) 1401198587.8124 (0.0029) C>S --------------------------------------------------------------- HEAD /jobs/apply HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: www.opco.com --------------------------------------------------------------- New TCP connection 2: 200.200.200.14(42623) <-> 200.200.200.111(80) 1401198587.8137 (0.0010) C>S --------------------------------------------------------------- HEAD /mobileapply/opco/ HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: newsite.com --------------------------------------------------------------- When i type in my test URL, it is switching to the external address in the address bar.
I type: http://www.opco.com/jobs/apply The address bar switches to http://www.newsite.com/mobileapply/opcoHere is the latest update:
The company wants the user to type:
http://www.opco.com/jobs/apply?postingid=1235213&vendorid=2214&return=https://m.xxxxx.com/Job-Search-Results.aspx?countryName=All&state=0&domain=&keyword=javait should forward to:
http://www.newsite.com/mobileapply/opco? postingid=1235213&vendorid=2214&return=https://m.xxxxx.com/Job-Search-Results.aspx?countryName=All&state=0&domain=&keyword=javaThe user never sees the new site address in the address bar.
This is the current irule that I have.
when CLIENT_ACCEPTED { set default_pool [LB::server pool] } when HTTP_REQUEST { switch [string tolower [HTTP::uri]] { "/jobs/apply" { HTTP::uri "/mobileapply/opco" pool newsite.com } "/jobs/apply/resume-thanks" { HTTP::uri "/mobileapply/opco/thankyou" pool newsite.com } "/jobs/privacy" { HTTP::uri "/mobileapply/opco/privacy" pool newsite.com } "/jobs/terms" { HTTP::uri "/mobileapply/opco/terms" pool newsite.com } default { pool $default_pool } } }Also, if the user just types in http://www.opco.com it should go to our default pool called opco_pool. When i tried to add that to the rule, it kept failing. Should i put the default pool name in this line:
set default_pool [LB::opco_pool]
