For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

fubarSUSHI's avatar
fubarSUSHI
Icon for Altocumulus rankAltocumulus
Jul 31, 2014

iRule help - Redirect to different website when it matches with https

Requirements   1. When http_request hits www.test.com/blog/* redirect to www.othersite.com/blog/*   2. Make sure customer does not see "www.othersite.com"/uri and re-write request with "www.te...
application delivery
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 31, 2014

The MOST important consideration is in your 1 and 2 requirements. In order to "hide" the othersite URL from the user, you MUST proxy the traffic THROUGH the VIP. If you issue an HTTP::redirect, then sends a 302 type message back to the client with a Location header that causes the user to go directly to that URL (and away from your VIP). With that said, let's look at the rest of the requirements. First, for requirement 3, you need two VIPs: one HTTP and one HTTPS. The HTTP VIP simply uses the built-in _sys_https_redirect iRule and an HTTP profile. Nothing else is required. User traffic that hits this VIP will be automatically redirected to the HTTPS VIP with the same URI. For the HTTPS iRule:

when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "blog/" } {
        pool othersite_pool
        HTTP::header replace Host "www.othersite.com"
    }
}

If some of the requests coming to the HTTPS VIP needs to go to othersite, then you'd just create a pool that points to that, make sure the F5 can route to that site, add a SNAT profile to the VIP and the above iRule. Client requests will be forwarded (through the proxy) to the other site with a replaced Host header.