Forum Discussion
iRule rewrite | URL hiding
Hi Guys,
Have a requirement and I'll try to provide as many details as possible to help understand.
Internet users view a web page and post a web form to: https://www.mysite.com/help/site1/search.do?book=blah
The 1st F5 (has SSL cert) receives the traffic and sends the request (including form data, URL and query string) to the 2nd F5 (without SSL cert, and is managed on a different dmz location) and the 2nd F5 points to webserver: HTTP://news.bizsite.com:8080/ehelp/microsites. The webserver returns the data to Internet users but the users should still see the URL they visited (https://www.mysite.com/help/site1/search.do?book=blah)
Notes:
* Different protocol (https vs. http)
* Different hostname (www.mysite.com vs. news.bizsite.com)
* Different port: 443 vs. 8080
* Everything after the "/help/site1" is passed to the target webserver.
* Users/Internet browser should only see "https://www.mysite.com/help/site1/..." and NOT the HTTP://news.bizsite.com:8080/ehelp/microsites
In summary: the user only ever sees the URL:
HTTPS://www.mysite/help/site1/search.do?something=somethingelse&more=moreplus
Note: everything after the “/site1/” could change – and we should account for such a scenario.
But, “end user redirection” – e.g., issuance of an HTTP 300, 301, 302 to the end user browser, should never occur, because we want to shield the end user from the actual destination URL.
Thanks, Edward
32 Replies
- nitass
Employee
they just want to use our domain's SSL certificate but the webserver pool is on the secondary F5.
traffic between the first and secondary f5 is http (not https), isn't it? so, ssl certificate is not used.
Do we really need to do anything on the second F5 to make this work?
i understand we can do all stuff on the first f5.
Do I create a separate Virtual server for this purpose and associate its own iRule you provided above.
if virtual server ip is same, you have to modify the existing virtual server.
hope this helps.
- ERLomboy_27803
Nimbostratus
    when HTTP_REQUEST {
        if { [HTTP::host] eq "www.mysite.com" and [HTTP::uri] starts_with "/help/site1/" } {
            HTTP::header replace Host "news.bizsite.com:8080"
            HTTP::uri [string map {"/help/site1/" "/ehelp/microsites/"} [HTTP::uri]]
        }
    }
So the iRule above states that, when the 1st F5 sees the host "www.mysite.com" with a uri starting with "/help/site1/" and anything after it. It will pass the traffic to the 2nd F5 which has "news.bizsite.com:8080", the 2nd F5 will get the data/forms, etc to the pool on the 2nd F5 and return it to the Internet user's browser. Correct for all?
I created the iRule and associated it with the existing Virtual Server for "www.mysite.com". I'm not sure the iRule above works though. When I check the SSL dump, I didn't see the IP of "news.bizsite.com:8080".
- nitass
Employee
when the 1st F5 sees the host "www.mysite.com" with a uri starting with "/help/site1/" and anything after it. It will pass the traffic to the 2nd F5 which has "news.bizsite.com:8080", the 2nd F5 will get the data/forms, etc to the pool on the 2nd F5 and return it to the Internet user's browser. Correct for all?
yes
I created the iRule and associated it with the existing Virtual Server for "www.mysite.com". I'm not sure the iRule above works though. When I check the SSL dump, I didn't see the IP of "news.bizsite.com:8080".
you may try to debug irule.
iRules 101 - 09 - Debugging by Joe Pruitt
https://devcentral.f5.com/articles/irules-101-09-debugging.Uvb-kLSjZQI
- ERLomboy_27803
Nimbostratus
Hi Nitass,
I appreciate your intention helping me learn, but I don't know how to put the logging. I have little coding background. The F5 is giving me an error and as I've mentioned I have little room for error as this is Prod. Can you help me put the logging properly?
    when HTTP_REQUEST
    log local0. "Request:: [HTTP::host]"
    {
    if { [HTTP::host] eq "www.mysite.com" and
    log local0. "Request:: [HTTP::uri]"
    [HTTP::uri] starts_with "/help/site1/" } {
    log local0. "Request:: HTTP::header"
    HTTP::header replace Host "news.bizsite.com:8080"
    log local0. "Request:: HTTP::uri"
    HTTP::uri [string map {"/help/site1/" "/ehelp/microsites/"} [HTTP::uri]]
    }
    }
Dumb question: Do I need to put the iRule I created on top of the Irule list associated with the virtual server in order for it to be read by F5?
- nitass
Employee
The F5 is giving me an error
can you try something like this?
e.g.
    root@(ve11-8)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule myrule
    ltm rule myrule {
        when HTTP_REQUEST {
            log local0. "BEFORE: client:[IP::client_addr]:[TCP::client_port] host:[HTTP::host] uri:[HTTP::uri]"
            if { [HTTP::host] eq "www.mysite.com" and [HTTP::uri] starts_with "/help/site1/" } {
                HTTP::header replace Host "news.bizsite.com:8080"
                HTTP::uri [string map {"/help/site1/" "/ehelp/microsites/"} [HTTP::uri]]
                log local0. "AFTER: client:[IP::client_addr]:[TCP::client_port] host:[HTTP::host] uri:[HTTP::uri]"
            }
        }
    }
Do I need to put the iRule I created on top of the Irule list associated with the virtual server in order for it to be read by F5?
Stacking iRules: A Modular Approach by Deb Allen
https://devcentral.f5.com/articles/stacking-irules-a-modular-approach.UvcQDLSjZQI
as I've mentioned I have little room for error as this is Prod.
i think it is better if you can test using trial or evaluation license before applying to production.
Trial Software Site
https://www.f5.com/trial/
- ERLomboy_27803
Nimbostratus
Thank you for the iRule code. Here's a trace of the log.
Feb 9 01:10:22 local/tmm info tmm[4756]: Rule iRuleTEST : BEFORE: client:x.x.x.x:52173 host:mysite.com uri:/CIQDotNet/Excel/126/8.51.5326.5331.axd
- nitass
Employee
Feb 9 01:10:22 local/tmm info tmm[4756]: Rule iRuleTEST : BEFORE: client:x.x.x.x:52173 host:mysite.com uri:/CIQDotNet/Excel/126/8.51.5326.5331.axd
i thought host is www.mysite.com and uri starts with /help/site1/.
- ERLomboy_27803
Nimbostratus
I checked again with the requestor. It seems the uri is not existing. Like a vanity one but in which the business would want the users to see.
The uri is the same for source and dest URL.
https://www.mysite.com/help/site1/ <--> http://news.bizsite.com:8080/help/site1/
- nitass
Employee
The uri is the same for source and dest URL.
if uri is not changed, HTTP::uri line is not needed.
- ERLomboy_27803
Nimbostratus
Hi Guys,
Need your help and patience!
I'm still stuck on the 1st F5 on this iRule. Even after removing the uri, it didn't make a difference. The log shows it's not capturing the right uri.
There is an existing iRule which I'm thinking is conflicting with the one I created. Not sure if I should post it here or I can send it privately, let me know.
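Added example, not posted by anyone in this thread: the iRule discussed above only rewrites the request, so a redirect issued by the web server can still carry http://news.bizsite.com:8080 in its Location header and show the internal URL to the browser. This sketch covers the later case where the path is the same on both sides; the variable names `rewritten`, `backend`, `loc` and `public` are made up for illustration, and it assumes the web server builds absolute redirects from the Host header it receives.

```tcl
when HTTP_REQUEST {
    # Reset per request: a keep-alive connection can carry other URLs too.
    set rewritten 0
    if { [string tolower [HTTP::host]] eq "www.mysite.com" and [HTTP::uri] starts_with "/help/site1/" } {
        # Path is identical on both sides, so only the Host header changes.
        HTTP::header replace Host "news.bizsite.com:8080"
        set rewritten 1
        log local0. "REQ rewritten: client:[IP::client_addr] uri:[HTTP::uri]"
    }
}

when HTTP_RESPONSE {
    # Assumption: redirects from the backend start with this scheme://host:port.
    set backend "http://news.bizsite.com:8080"
    if { $rewritten and [HTTP::header exists Location] } {
        set loc [HTTP::header value Location]
        if { [string tolower $loc] starts_with $backend } {
            # Swap only the scheme://host:port prefix; keep path and query as sent.
            set public "https://www.mysite.com[string range $loc [string length $backend] end]"
            HTTP::header replace Location $public
            log local0. "RESP [HTTP::status]: Location $loc -> $public"
        }
    }
}
```

Absolute links inside the HTML body are not touched by this; only the Location response header is.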
