Forum Discussion

sjy2025's avatar
sjy2025
Icon for Altostratus rankAltostratus
10 months ago
Solved

iRule, Traffic Policy or Re-Write Policy

  Hi, I have created an iRule that maps source addresses to a particular pool when CLIENT_ACCEPTED { if {[class match [IP::client_addr] equals clients1] } {      pool POOL_1    } elseif {[class...
irules
rewrite
traffic policy
  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    8 months ago

    you may see  https://hostnameA.test.com:666 in the browser for many reasons
    thats why I am asking if there is a redirect response (301 or 302) or there is something else

    anyway give this a try

    when HTTP_REQUEST 
{
    STREAM::disable
    HTTP::header remove "Accept-Encoding"

	if {[IP::addr [IP::client_addr] equals 192.168.1.1] } 
	{
		pool POOL_A
		set selected_hostname "hostnameA.test.com"
		HTTP::header replace Host $selected_hostname
	} 
	elseif {[IP::addr [IP::client_addr] equals 192.168.2.1] }
	{
		pool POOL_B
		set selected_hostname "hostnameB.test.com"
		HTTP::header replace Host $selected_hostname
	} 
	elseif {[IP::addr [IP::client_addr] equals 192.168.3.1] }
	{
		pool POOL_C
		set selected_hostname "hostnameC.test.com"
		HTTP::header replace Host $selected_hostname
	}
}

when HTTP_RESPONSE 
{
    if {[HTTP::header exists "Location"] && [info exists selected_hostname]}
    {
        set loc [HTTP::header "Location"]
        if {[string match "https://$selected_hostname:666*" $loc]} 
        {
            HTTP::header replace "Location" [string map "https://$selected_hostname:666 https://example.com" $loc]
        }
    }
    if {[HTTP::header "Content-Type"] contains "text" && [info exists selected_hostname]}
    {
		STREAM::expression "@https://$selected_hostname@https://example.com@"
		STREAM::enable
    }
}

     

sjy2025's avatar
sjy2025
Icon for Altostratus rankAltostratus
8 months ago

I will try this out tomorrow, thank you for your input, its very much appreciated

sjy2025's avatar
sjy2025
Icon for Altostratus rankAltostratus
8 months ago

Hi,

Thought I would feedback, as I couldn't get the response to work.

I have got the source > pool > to re-write working which is great, although it does still show the backend server, its a test environment and is reducing my admin, so thank you

I found your iRule really useful for understanding as well

 

I think the response isn't working as there is a unusual setup, which does the following

 

client to uri = https://example.com

F5 rewrites to https://hostnameA.test.com:666

Then there is another redirects that sends to the

F5 rewrites to https://other.test.com:443 (this is returned in the browser)

I'm still looking at it

Thanks

 

 

 

 

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for MVP rankMVP
    8 months ago

    You mention Keycloak,
    Do you use as IDP?

    You have to check what urls are defined in the config. Either it uses SAML or OAuth