Forum Discussion

dyobbs_25515's avatar
dyobbs_25515
Icon for Nimbostratus rankNimbostratus
Feb 15, 2012

iRule rewrite then forward request to pool

hi,

 

 

Requirement:

 

iRule that basically truncates and rewrites the URL, then forward request to pool. Then pool will accept request, then will process it and send back ack to user.

 

 

user ------> F5 [rewrite URL] [forward request] ---> pool (pool_cache)

 

 

Issue:

 

However, when using httpwatch, i found out that after rewriting the URL, it doesn't forward it to my cache pools.

 

 

Browser now goes directly to the URL site, bypassing my cache/proxy.

 

 

www.google.com.removeme.com ----> www.google.com

 

 

 

 

rule myrules {

 

when HTTP_REQUEST {

 

set host [string tolower [HTTP::host]]

 

set newhost [string map {".removeme.com" ""} $host]

 

if {$host ne $newhost} {

 

HTTP::redirect "http://$newhost[HTTP::uri]"

 

}

 

 

 

 

Will this iRule direct it to my pool after rewriting, then cache will reply back to user?

 

 

rule myrules {

 

when HTTP_REQUEST {

 

set host [string tolower [HTTP::host]]

 

set newhost [string map {".removeme.com" ""} $host]

 

if {$host ne $newhost} {

 

pool pool_cache}

 

 

any inputs is appreciated.

 

tnx,

 

application delivery
dev
devops
iRules
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 15, 2012
    are you using explicit proxy (manually set it in browser) or transparent one?
  • dyobbs_25515's avatar
    dyobbs_25515
    Icon for Nimbostratus rankNimbostratus
    Feb 17, 2012
    nitass hi,

     

     

    we got this log from the cache server, based on the irule above. No URL has passed to cache server.

     

     

    "GET / HTTP/0.0" 400 3549 "-" "-" NONE:NONE.

     

     

    here's a sample of what a good log on the cache server:

     

     

    10.128.142.61 "-" - - [17/Feb/2012:11:56:30 +0800] "GET http://www.google.com/ HTTP/1.0" 302 777 "-" "Wget/1.11.4 Red Hat m

     

    " TCP_MISS:DIRECT

     

     

    thx

     

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 17, 2012
    this is my testing.

    virtual server is listening on wildcard address port 80. pool is proxy server. client uses bigip as default gateway. 

    [root@ve1023:Active] config  b virtual bar list
virtual bar {
   translate address enable
   snat automap
   pool foo
   destination any:80
   mask 0.0.0.0
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 172.28.19.251:3128 {}
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   set host [string tolower [HTTP::host]]
   set newhost [string map {".removeme.com" ""} $host]
   if {$host ne $newhost} {
      HTTP::redirect "http://$newhost[HTTP::uri]"
   }
}
}

on client machine

[root@centos101 ~] curl -IL http://www.google.com.removeme.com
HTTP/1.0 302 Found
Location: http://www.google.com/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

HTTP/1.0 302 Moved Temporarily
Location: http://www.google.com.sg/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=1abe3f154bae6bc6:FF=0:TM=1329460956:LM=1329460956:S=erYtf92BCLc5EN5R; expires=Sun, 16-Feb-2014 06:42:36 GMT; path=/; domain=.google.com
Date: Fri, 17 Feb 2012 06:42:36 GMT
Server: gws
Content-Length: 222
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Cache: MISS from centos251.abc.com
X-Cache-Lookup: MISS from centos251.abc.com:3128
Via: 1.0 centos251.abc.com:3128 (squid/2.6.STABLE21)
Connection: close

HTTP/1.0 200 OK
Date: Fri, 17 Feb 2012 06:42:36 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=9b5db78097a1bfa3:FF=0:TM=1329460956:LM=1329460956:S=AdWH46_x8ioXn9G7; expires=Sun, 16-Feb-2014 06:42:36 GMT; path=/; domain=.google.com.sg
Set-Cookie: NID=56=FAZhz19WzF_HoIyhwVwnHKrLFlln2Ge_U3l2DxWvizgizz62CniW2O0lky5omUF98FWuBxU2HjXwchgX_2EPi3-eWddAbFkiL9we3EkUgSykZOfqtMDNhKWvjGf8WuoZ; expires=Sat, 18-Aug-2012 06:42:36 GMT; path=/; domain=.google.com.sg; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Cache: MISS from centos251.abc.com
X-Cache-Lookup: MISS from centos251.abc.com:3128
Via: 1.0 centos251.abc.com:3128 (squid/2.6.STABLE21)
Connection: close

log on proxy server (172.28.19.251)

[root@centos251 squid] tail -f access.log
1329461136.053     30 172.28.19.80 TCP_MISS/302 586 HEAD http://www.google.com/ - DIRECT/74.125.235.20 text/html
1329461136.241     60 172.28.19.80 TCP_MISS/200 903 HEAD http://www.google.com.sg/ - DIRECT/74.125.235.24 text/html
  • dyobbs_25515's avatar
    dyobbs_25515
    Icon for Nimbostratus rankNimbostratus
    Feb 18, 2012
    Tnx, nitass. Let me check on it on the lab as well.

     

    I was wondering what's the reason behind?

     

    How come when defined a certain VS address initially, it didn't work?
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 20, 2012
    How come when defined a certain VS address initially, it didn't work?didn't you use wildcard virtual address? if so, how can traffic hit the virtual after getting redirection?