Forum Discussion
iRule redirect with URL masking and URI rewrite
- Aug 09, 2017
Hi,
You can't achieve what you are expecting without using iframes. But I strongly discourage you from using them for security reasons.
You can instead redirect to a relative path and then forward the request to the correct backend server:
```
when HTTP_REQUEST {
    if { [HTTP::host] contains "buyer.abc.com" and [HTTP::path] eq "/" } {
        HTTP::redirect "/apm/rest/MOBILITY/authService/1.0"
        return
    }
    if { [HTTP::host] contains "buyer.abc.com" and [HTTP::path] eq "/apm/rest/MOBILITY/authService/1.0" } {
        node myserver01 9001
        return
    }
}
```
- krmidhun_323560 | Aug 09, 2017 | Nimbostratus
Thanks Yann for the prompt response. I am a newbie to iRuling. So isn't it just possible to redirect https://buyer.abc.com to without using a pool or node in the backend and let the redirection itself take care of the traffic getting forwarded to the server?
Another thought: can we use the pool instead of the node while using the relative path method?
- Yann_Desmarest | Aug 09, 2017 | Cirrus
Redirecting the user means that the browser will issue a request to the provided URL.
If the URL is absolute, the browser will issue a request to myserver01 on TCP port 9001.
If myserver01 resolves to a virtual server IP, then the request will go through the BIG-IP.
Otherwise, the request will be issued to the backend server without reaching the BIG-IP.
You can also use the pool command instead of node.
Hope it helps.
- krmidhun_323560 | Aug 10, 2017 | Nimbostratus
Hi Yann,
This one worked fine and I was able to map the virtual server instead of the node. However, the issue is that the subsequent URIs are not working after the first page is loaded fine. So I removed the redirection part and configured the following iRule to send the traffic directly to the virtual server.
As the initial request comes on port 443, I created a virtual server with port 443 and called the following iRule without adding any pool to it. Also configured another virtual server with port 9001 and added a pool with a member listening on port 9001. However, this doesn't work for some reason.
```
when HTTP_REQUEST {
    if { [HTTP::host] contains "buyer.abc.com" and [HTTP::path] eq "/" } {
        virtual buyer_vs_9001
        return
    }
}
```
- Yann_Desmarest | Aug 10, 2017 | Cirrus
You may have an SSL issue.
Can you make sure that there is no SSL Server profile on the first Virtual Server?
What is the configuration of both VS?
- krmidhun_323560 | Aug 10, 2017 | Nimbostratus
I removed the SSL server profile, but still no go. Here is the virtual server config:
```
ltm rule /Common/test1 {
    when HTTP_REQUEST {
        if { [HTTP::host] contains "buyer.abc.com" and [HTTP::path] eq "/" } {
            virtual buyer_vs_9001
            return
        }
    }
}
ltm virtual /Common/buyer_vs_https {
    destination /Common/172.28.8.180:443
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        /Common/CERT_Wildcard_2017 {
            context clientside
        }
        /Common/spsite_http { }
        /Common/tcp-lan-optimized { }
    }
    rules {
        /Common/test1
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
}
ltm virtual /Common/buyer_vs_9001 {
    destination /Common/172.28.8.180:9001
    ip-protocol tcp
    mask 255.255.255.255
    persist {
        /Common/spsite_srcip {
            default yes
        }
    }
    pool /Common/buyer_https_pool
    profiles {
        /Common/CERT_Wildcard_2017 {
            context clientside
        }
        /Common/serverssl {
            context serverside
        }
        /Common/spsite_http { }
        /Common/tcp { }
    }
    source 0.0.0.0/0
    translate-address enabled
    translate-port enabled
}
```
- Yann_Desmarest | Aug 10, 2017 | Cirrus
OK, so you configured it as follows:
Your backend is listening on port 9001 but requires HTTP or HTTPS?
Based on this configuration and assuming that the backend is HTTPS too, you should have :
buyer_vs_https
- SSL Client Profile
- SSL Server Profile
buyer_vs_9001
- SSL Client Profile
- SSL Server Profile
The rest of the configuration looks fine.
Now you should check the request/response on the client side.
If the client is redirected back to buyer_vs_9001, it may not work directly because you don't have SNAT enabled and firewall rules block the connection.
- krmidhun_323560 | Aug 11, 2017 | Nimbostratus
I added both SSL client and server profiles to both virtuals and also enabled SNAT (automap), but I get an HTTP 404 status code when I hit the URL. Could this be because the internal URL is hard coded on the server with the servername myserver01:9001?
So in this case, can we first redirect the URL to the internal one and then forward the request to the virtual and also make the internal URL not visible to the client?
- krmidhun_323560 | Aug 16, 2017 | Nimbostratus
Could someone help with this iRule please? The URL rewrite should change the URL and also mask the internal URL so that the client doesn't see it. Also, the traffic needs to go through the virtual on port 9001 after the rewrite.
- Yann_Desmarest | Aug 16, 2017 | Cirrus
Hi,
You can write an iRule to modify the Host header:
```
when HTTP_REQUEST {
    if { [HTTP::host] contains "buyer.abc.com" and [HTTP::path] eq "/" } {
        HTTP::header replace "Host" "myserver01:9001"
        virtual buyer_vs_9001
        return
    }
}
```
- krmidhun_323560 | Aug 16, 2017 | Nimbostratus
Thanks Yann for the response. I tested this, but it still didn't work. So with the URL rewrite, is the client asked to access myserver01:9001, which is not resolved over the Internet, and that could be the cause of the issue?
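Added example, not part of the thread and not any poster's or F5's own code: one way to keep the browser on buyer.abc.com for every URI while the backend still receives the Host header it expects. It assumes the rule is attached to buyer_vs_https with both client and server SSL profiles, that buyer_https_pool from the posted configuration is the backend, and that the backend only exposes its internal name in the Host header and in redirects.

```tcl
# Added example, not from the thread. Assumptions: attached to buyer_vs_https,
# backend reachable through buyer_https_pool, backend expects Host myserver01:9001.
when HTTP_REQUEST {
    # Compare the whole host name (lowercased, port stripped). A "contains"
    # test would also accept names such as buyer.abc.com.example.net.
    set public_host [string tolower [getfield [HTTP::host] ":" 1]]
    set masked 0
    if { $public_host ne "buyer.abc.com" } {
        return
    }
    # Relative redirect: the browser stays on buyer.abc.com.
    if { [HTTP::path] eq "/" } {
        HTTP::redirect "/apm/rest/MOBILITY/authService/1.0"
        return
    }
    # All remaining URIs, not only the landing page, go to the backend
    # with the Host header the application was configured for.
    HTTP::header replace "Host" "myserver01:9001"
    pool buyer_https_pool
    set masked 1
}

when HTTP_RESPONSE {
    # Redirects issued by the backend carry its internal name; map them back
    # so the client never receives a URL it cannot resolve.
    if { $masked && [HTTP::header exists "Location"] } {
        set location [string map -nocase {
            "https://myserver01:9001" "https://buyer.abc.com"
            "http://myserver01:9001"  "https://buyer.abc.com"
        } [HTTP::header value "Location"]]
        HTTP::header replace "Location" $location
    }
}
```

Absolute links to myserver01:9001 embedded in response bodies are not touched by this rule; rewriting those needs a stream profile or a rewrite profile on the virtual server.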