For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nathan_Andrews_'s avatar
Nathan_Andrews_
Icon for Nimbostratus rankNimbostratus
Mar 04, 2014

iRule required to change URL to public IP address.

Hi,

 

I have a web application (kronos) that I am currently load-balancing. Due to an ongoing issue with the application iteslf users have to access the app via its public IP address as using a URL will not work.

 

I am in need of an irule to perform the following:

 

1) Change the following URL/URI from https://website.com/en to https://1.1.1.1/en

 

2) Modify the URI to become https://1.1.1.1/wfc/logon and send to pool A if uri ends in /en

 

3) Change the following URL/URI from https://website.com/fr to https://1.1.1.1/fr

 

4) Modify the URI to become https://1.1.1.1/wfc/logon and send to pool B if uri ends in /fr

 

Can this even be done?

 

Thanks,

 

Nathan

 

application delivery
deployment
devops
iRules
LTM

6 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Mar 05, 2014

    The following is a literal translation of what you described. I'm guessing there are more details as to how the application functions, so this may not completely work, as described:

    when HTTP_REQUEST {                                                
     replace the Host header
    HTTP::header replace Host "1.1.1.1"                                                                
     select a pool and rewrite URI based on URI                                         switch -glob [string tolower [HTTP::uri]] {
        "*/en" {
            pool pool_a
            HTTP::uri "/wfc/logon"
        }
        "*/fr" {
            pool pool_b
            HTTP::uri "/wfc/logon"
        }
    }
}
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Mar 05, 2014

    This really depends on how the application functions. The iRule will basically change the Host header and URI on ingress. What does the application do when you POST credentials? Does it literally redirect you back to its own IP address?

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Mar 05, 2014

    Would it be safe to assume the redirect back to https://1.1.1.1/en is actually sending the client directly to the server itself (around the VIP)?

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Mar 05, 2014

    I believe not as I have auto-map configured on the VIP and I can successfully login with https://1.1.1.1/en which is the external VIP IP.

    Just to clarify, (SNAT) auto-map is a routing mechanism. If that wasn't working you wouldn't be getting any responses at all from the web server. Your original description stated that the URI "ends in /en". I'm now assuming that it actually starts with "/en", so the iRule would be subtly different:

    when HTTP_REQUEST {                                                
     replace the Host header
    HTTP::header replace Host "1.1.1.1"     

     select a pool and rewrite URI based on URI 
    switch -glob [string tolower [HTTP::uri]] {
        "/en*" {
            pool pool_a
            HTTP::uri "/wfc/logon"
        }
        "/fr*" {
            pool pool_b
            HTTP::uri "/wfc/logon"
        }
    }
}

    This should at least fix the pool selection.

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Mar 05, 2014

    change this:

     

    HTTP::header replace Host "1.1.1.1"

     

    to this:

     

    HTTP::header replace Host "website.org"

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Mar 05, 2014

    In most cases the server reads the Host header in the request. If that holds true here, then you just need to modify the HTTP::header replace Host statement to use the hard coded value. That should sufficiently convince the server that the client is using the correct host name.