Forum Discussion
Stephen_Swali_8
Jan 17, 2008Nimbostratus
iRule to change host headers.
Hi guys,
first time on DC so apologies in advance if I'm doing something wrong.
Please can you help with an issue I have.
We have a website that is hosted externally on a server which hosts multiple websites. There is a requirement to SSL enable the communication to our website on this particular server. The web server hosting these multiple sites performs SSL but can't host a certificate for our website/domain. We're therefore changing the access model for this site so that the we perform Client SSL and Server SSL on the BIG-IP obviously hosting the cert for our domain on the BIG-IP.
However, it looks like there is an issue when the BIG-IP sends the request to the server, in that, the server sends a reset. For example, hosted site of https://www.hosted.com/aon.asp. However, we want clients to reach https://www.mybigip.com, which would (as per the name) resolve to the VIP on our BIG-IP which would in turn load-balance to the IP of the hosted dom.
I imagine we'll need to modify host headers using an iRule to when the HTTP request is made, but I'm not sure if I'll need to change the host headers on the way back in the HTTP response.
Any help greatly appreciated.
cheers,
Steve.
- Stephen_Swali_8NimbostratusHey Aaron.
- trx_94323Nimbostratus
Hello Steve, I'm looking to do something similar. The jist of it is we are trying to mask a external domain name on the front end, but intercept it from the F5 and replace the internal domain name to the back-end server, and when it comes back it preserves the masking external domain.
Did you or anyone do the something similar? Sharing the code snippet is fully appreciated.
Thanks.
- hooleylistCirrostratusHi Steve,
when RULE_INIT { Set the hostname that the client makes request to (do not include protocol) set ::external_hostname "www.mycompany.co.uk" Set the hostname that the BIG-IP will rewrite requests to set ::internal_hostname "www.provider.com" Redirect / requests to this URI set ::root_redirect_uri "/aon.asp" Log debug messages to /var/log/ltm? 1=yes, 0=no. set ::proxy_site_debug 1 } when HTTP_REQUEST { if {$::proxy_site_debug}{log local0. "Received request from [IP::client_addr] -> [HTTP::host][HTTP::uri]"} Check if request is to root document if {[HTTP::path] eq "/"}{ if {$::proxy_site_debug}{log local0. \ "Redirecting [IP::client_addr] from / -> https://$::external_hostname$::root_redirect_uri"} Redirect to internal hostname and root object HTTP::redirect "https://$::external_hostname$::root_redirect_uri" } else { if {$::proxy_site_debug}{log local0. "Rewriting [IP::client_addr]'s Host header to $::internal_hostname"} We're not redirecting so rewrite the Host header HTTP::header replace "Host" $::internal_hostname } } when HTTP_RESPONSE { Check if the status indicates a redirect if {[HTTP::is_redirect]} { if {$::proxy_site_debug}{log local0. "Rewriting [IP::client_addr]'s redirect to \ [string map -nocase $::internal_hostname $::external_hostname [HTTP::header Location]]"} Rewrite the Location header replacing the internal hostname with the external hostname HTTP::header replace Location [string map -nocase $::internal_hostname $::external_hostname [HTTP::header Location]] } }
- Stephen_Swali_8NimbostratusHi Aaron,
- hooleylistCirrostratusI don't know of a way to log details on who sent a reset using an iRule.
- hooleylistCirrostratusIt's good to hear you got it working.
- Stephen_Swali_8NimbostratusHey guys,
- Stephen_Swali_8Nimbostratusok guys, think I've fixed it. I've basically changed the 'Host' right at the end of the last line of code in the above iRule to Location which seems to work sweet! I've got the developers testing other parts of the site to make sure I've not inadvertently broken something else.
- Ashish_Ram_Tak1NimbostratusHello Steve, Could you please pest the working iRule I want to try same thing in my environment but seems not working as expected. BR, Ashish Takawale
- hooleylistCirrostratusOops! Thanks for catching that. Sorry for any confusion.
- Stephen_Swali_8NimbostratusNo sweat Aaron! Made me think about it which was good! Thanks for all the help.
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects