Forum Discussion
NimbostratusiRule header location redirects
We have an application that after a recent software patch has changed its behavior. This has broken the app when accessed via the F5 LTM VIP we have created for it. The app works when accessing the backend server directly. While the vendor works on a resolution, we are trying to craft an iRule that would give us a workaround. The issue is for some URLs, the application now responds with the private IP of the server behind the VIP instead in the response instead of the application name .
So for instance:
“10.x.y.z/unity/options.do” i
Instead of:
“myurl.com/unity/options.do”
When this happens the first time you get a security warning since the SSL cert for the app only has the application name and not the IPs. If you accept the cert, the app still won’t load a few tabs in the application. So, we are looking for a way via an iRule or some other means on the F5 to re-write the response with the application name when the F5 sees an IP being passed instead of the application FQDN.
Amine_KadimiMVP
You can test the "redirect rewrite" option of the HTTP profile, this often solves this kind of problem
ryank5589Thanks Amine! We actually have redirects rewrite configured for matching and it doesn’t work. We tried turning it off and changing it to all, but the issue still persists so we are looking for an irule, policy, or some sort of profile to work around this issue.
Yiğit_UsluCirrus
Hi,
You can use rStream profile for content rewriting. If you see complications after applying stream profile. You can write ani rule more complicated stream operation.
https://clouddocs.f5.com/api/irules/STREAM__expression.html
- ryank5589
Yigit,
Thank you for the response. We tried doing a stream profile with the F5 tac, but that was not successful.
- Amine_Kadimi
when HTTP_RESPONSE { if { [HTTP::is_redirect]} { if { [HTTP::header Location] contains "10.x.y.z" } { HTTP::header replace Location [string map -nocase { "10.x.y.z" "myurl.com" } [HTTP::header Location]] } }Disclaimer: not tested, may need some adjustment
For the string map explanation, refer to: https://devcentral.f5.com/s/articles/irules-101-14-tcl-string-commands-part-2
- ryank5589
Amine,
Thank you again for the response. The irule you provided did help a bit, I was able to re-write the location header with the proper URL. I am still having issue now after the re-write where it just times out, so the application doesn't like something.