Forum Discussion
ERLomboy_27803
Nimbostratus
NimbostratusiRule rewrite | URL hiding
Hi Guys,
Have a requirement and I'll try to provide as much details as possible to help understand.
Internet users views web page, and posts web form to: htps://www.mysite.com/help/site1/search.do?book=blah
The 1st F5 (has SSL cert) receives the traffic and sends the request ( including form data, and URL and query string) to the 2nd F5 (without SSL cert, and is managed on a different dmz location) and the 2nd F5 points to webserver: HTTP://news.bizsite.com:8080/ehelp/microsites. The webserver returns the data to Internet users but the users should still see the URL they visited (htps://www.mysite.com/help/site1/search.do?book=blah)
Notes: Different Protocol ( https vs. http) Different Hostname ( www.mysite.com vs. news.bizsite.com) Different Port : 443 vs. 8080 everything after the "/help/site1" is passed to the the target webserver. Users\Internet browser should only see "https://www.mysite.com/help/site1/..." and NOT the HTTP://news.bizsite.com:8080/ehelp/microsites
In summary: the user only ever sees the URL:
HTTPS://www.mysite/help/site1/search.do?something=somethingelse&more=moreplus Note: everything after the “/site1/” could change – and we should account for such a scenario.
But, “end user redirection” – e.g., issuance of an HTTP 300, 301, 302 to the end user browser, should never occur, because we want to shield the end user from the actual destination URL.
Thanks, Edward
ERLomboy_27803Thank you for the iRule code. Here's a trace of the log.
Feb 9 01:10:22 local/tmm info tmm[4756]: Rule iRuleTEST : BEFORE: client:x.x.x.x:52173 host:mysite.com uri:/CIQDotNet/Excel/126/8.51.5326.5331.axd
nitassEmployee
Feb 9 01:10:22 local/tmm info tmm[4756]: Rule iRuleTEST : BEFORE: client:x.x.x.x:52173 host:mysite.com uri:/CIQDotNet/Excel/126/8.51.5326.5331.axd
i thought host is www.mysite.com and uri starts with /help/site1/.
- ERLomboy_27803
I checked again with the requestor. It seems the uri is not existing. Like a vanity one but in which the business would want the users to see.
The uri is the same for source and dest URL.
https://www.mysite.com/help/site1/ <--> http://news.bizsite.com:8080/help/site1/
- nitass
The uri is the same for source and dest URL.
if uri is not changed, HTTP::uri line is not needed.
- ERLomboy_27803
Hi Guys,
Need your help and patience!
I'm still stuck on the 1st F5 on this iRule. Even after removing the uri, it didn't make a difference. The log shows it's not capturing the right uri.
There is an existing iRule which I'm thinking is conflicting with the one I created. Not sure if I should post it here or I can send it privately, let me know.
nitass_89166Noctilucent
The log shows it's not capturing the right uri.
i still expect to see www.mysite.com as host and uri starts with /help/site1/ in the log. if you do not see it, i think you may need to check if host and uri information you have is correct indeed.
- ERLomboy_27803This is the other iRule. Can you find out which one is conflicting with what you have provided? when HTTP_REQUEST { if { [string tolower [HTTP::uri]] ne "/powermoves" } { switch -exact [string tolower [HTTP::host]] { "www.mysite.com" { if {[TCP::local_port] == 80} { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } elseif {[string tolower [HTTP::uri]] starts_with "/summergames/" || [string tolower [HTTP::uri]] starts_with "/summergames"} { HTTP::respond 301 Location "http://summergames.mysite.com" } } "mysite.com" { if { [matchclass $::wwwredirects equals [string tolower [HTTP::path]]] } { HTTP::respond 301 Location "https://www.mysite.com[HTTP::uri]" } elseif { [TCP::local_port] == 80 } { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/ciqdotnet/excel/114/" || [string tolower [HTTP::uri]] starts_with "/ciqdotnet/excel/102/" } { HTTP::respond 301 Location "https://www.mysite.com[HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } elseif {[string tolower [HTTP::uri]] starts_with "/summergames/" || [string tolower [HTTP::uri]] starts_with "/summergames"} { HTTP::respond 301 Location "http://summergames.mysite.com" } } default { if { [TCP::local_port] == 80 } { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } } } } else { HTTP::redirect http://powermoves.mysite.com } }
- nitass
The log shows it's not capturing the right uri.
i still expect to see www.mysite.com as host and uri starts with /help/site1/ in the log. if you do not see it, i think you may need to check if host and uri information you have is correct indeed.
- ERLomboy_27803This is the other iRule. Can you find out which one is conflicting with what you have provided? when HTTP_REQUEST { if { [string tolower [HTTP::uri]] ne "/powermoves" } { switch -exact [string tolower [HTTP::host]] { "www.mysite.com" { if {[TCP::local_port] == 80} { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } elseif {[string tolower [HTTP::uri]] starts_with "/summergames/" || [string tolower [HTTP::uri]] starts_with "/summergames"} { HTTP::respond 301 Location "http://summergames.mysite.com" } } "mysite.com" { if { [matchclass $::wwwredirects equals [string tolower [HTTP::path]]] } { HTTP::respond 301 Location "https://www.mysite.com[HTTP::uri]" } elseif { [TCP::local_port] == 80 } { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/ciqdotnet/excel/114/" || [string tolower [HTTP::uri]] starts_with "/ciqdotnet/excel/102/" } { HTTP::respond 301 Location "https://www.mysite.com[HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } elseif {[string tolower [HTTP::uri]] starts_with "/summergames/" || [string tolower [HTTP::uri]] starts_with "/summergames"} { HTTP::respond 301 Location "http://summergames.mysite.com" } } default { if { [TCP::local_port] == 80 } { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } } } } else { HTTP::redirect http://powermoves.mysite.com } }
- nitass_89166
This is the other iRule. Can you find out which one is conflicting with what you have provided?
don't you see log showing www.mysite.com as host and uri starts with /help/site1/ really? even irule conflicts, the log should be shown.
- ERLomboy_27803No, it doesn't show. Would it show even if the uri path is non-existent?
- nitass
This is the other iRule. Can you find out which one is conflicting with what you have provided?
don't you see log showing www.mysite.com as host and uri starts with /help/site1/ really? even irule conflicts, the log should be shown.
- ERLomboy_27803No, it doesn't show. Would it show even if the uri path is non-existent?
- nitass_89166
Would it show even if the uri path is non-existent?
https://www.mysite.com/help/site1/ is incoming request from client to f5, isn't it?
- ERLomboy_27803yes, it's a request from client to F5.
- ERLomboy_27803Hi Nitass, Appreciate if you can provide further assistance on this. Thanks!