For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Joseph_Lindsly's avatar
Joseph_Lindsly
May 14, 2014

IRule for reverse proxy with http rewrite

Hi guys,   I need to use F5 like a reverse proxy. My company would like to have clients connect the our company URL and be redirected to an externally hosted website but have the traffic come bac...
application delivery
cloud
design
devops
iRules
LTM
nitass's avatar
nitass
Icon for Employee rankEmployee
May 27, 2014

i think the irule does exactly what they want but it may have another redirection they do not know.

to prove, the following is my testing. you can see host header and uri are already changed.

to further investigation, you may try tcpdump on bigip and http analyzer tool such as httpfox.

 config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 33
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool cbmserver.com
ltm pool cbmserver.com {
    members {
        200.200.200.111:80 {
            address 200.200.200.111
        }
    }
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when CLIENT_ACCEPTED {
  set default_pool [LB::server pool]
}
when HTTP_REQUEST {
  switch [string tolower [HTTP::uri]] {
    "/jobs/apply" {
      HTTP::header replace Host newsite.com
      HTTP::uri "/mobileapply/opco/"
      pool cbmserver.com
    }
    "/jobs/apply/resume-thanks" {
      HTTP::header replace Host newsite.com
      HTTP::uri "/mobilethankyou/opco"
      pool cbmserver.com
    }
    "/jobs/privacy" {
      HTTP::header replace Host newsite.com
      HTTP::uri "/mobileprivacy/opco"
      pool cbmserver.com
    }
    "/jobs/terms" {
      HTTP::header replace Host newsite.com
      HTTP::uri "/mobileterms/opco"
      pool cbmserver.com
    }
    default {
      pool $default_pool
    }
  }
}
}

 trace

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(42623) <-> 172.28.24.10(80)
1401198587.8124 (0.0029)  C>S
---------------------------------------------------------------
HEAD /jobs/apply HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: www.opco.com

---------------------------------------------------------------

New TCP connection 2: 200.200.200.14(42623) <-> 200.200.200.111(80)
1401198587.8137 (0.0010)  C>S
---------------------------------------------------------------
HEAD /mobileapply/opco/ HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: newsite.com

---------------------------------------------------------------