Forum Discussion

strich55's avatar
strich55
Icon for Nimbostratus rankNimbostratus
Oct 20, 2020

Migrating from IIS - URL rewrite issue

Hi,

 

I have a URL rewrite rule in IIS that I need to migrate to F5. That rewrite rule is used by software developper, so I don't know what they are going to include in the HTTP request.

The way it works is that the client initiate a connection to https://www.abc.com/URL=www.def.com/ghi

In this example, the client ask for https://www.abc.com and F5 needs to initiate a connection to www.def.com and send the answer back to the client.

I can't use HTTP::redirect or HTTP::respond as I don't want the client to change URL.

 

I have tried playing with an iRule, but I am not able to achieve my goal. In my example, I am able to manipulate the HTTP::request :

 

when HTTP_REQUEST

{

set newaddress [getfield [substr [HTTP::uri] 5 end] "/" 1] #Extract the new url address

HTTP::uri [string map [list $newaddress "" "/URL=" ""] [HTTP::uri]] #Extract the new URI and assign it to HTTP::uri

HTTP::host $newaddress #Assign the new url address

}

 

From there, I don't know how to trigger Big-IP to initiate the connection to www.def.com/ghi or if I should use rewrite profile

I am running version 13.1.3.3 of Big-IP.

 

Thank you

  • Hello.

     

    "www.def.com" should be configured as a pool member resource.

     

    You can use a rewrite profile or just modify the irule to replace these specific headers:

     

    GET /URL=www.def.com/ghi HTTP/1.1

    Host: www.abc.com

     

    To get this:

     

    GET /ghi HTTP/1.1

    Host: www.def.com

     

    If "www.def.com" page has references to relative path resources (let say href="/images/myimage.png") you should take this into account replacing the payload during the HTTP_RESPONSE.

     

    Besides of URI and host header, there exist other headers that could need to put an eye of them.

    • Cookies
    • Content-Security-Policies
    • Etc

     

    The best option is to connect the backend resource directly (with browser inspector) and try to investigate how your site is in order to plan your scope.

     

    Regards,

    Dario.

  • Hi Dario,

     

    Thank you for you answer.

    Unfortunatly, I can't use a pool. That www.def.com/ghi was an example. I should be able to process anything, as a wildcard, that comes after URL= . Our software developers need to be able to put in any address they need after URL= without having to notify the F5 admin.

     

    Thank you

     

    Stephane

    • Hello Strich.

      Using a pool is relatively easy. With this iRule I'll have everything working properly

      when HTTP_REQUEST {
          set url "https://[getfield [HTTP::uri] "URL=" 2]"
          set host [URI::host $url]
          set path [URI::path $url]
          set basename [URI::basename $url]
          HTTP::uri $path$basename
          HTTP::host $host
      }

      If I test it with curl I've got this:

      # CUSTOMER REQUEST TO BIG-IP
      GET /URL=www.wyz.com/app HTTP/1.1
      User-Agent: curl/7.19.7
      Accept: */*
      Host: www.abc.com
       
      # BIG-IP REQUEST TO BACKEND
      GET /app HTTP/1.1
      User-Agent: curl/7.19.7
      Accept: */*
      Host: www.wyz.com

      If you don't want to specify a pool in order to use it for a generic purpose then you need to include more logic in that iRule. One possible way to get your goal is to construct a sideband connection.

      REF - https://clouddocs.f5.com/api/irules/HTTP-Super-SIDEBAND-Requestor-Client-Handles-Redirects-Cookies-Chunked-Transfer-APM-Access-etc.html

      Try it, but from my perspective, it's better to configure an Access Portal using APM instead of configure that with an iRule. The URL structure is going to be slightly different, but it will be easier to configure it.

      This is the URL structure using an Access Portal:

      www.abc.com/f5-w-<HEX_equivalent_of_backend_FQDN>$$/uri

      If this was helpful, please don't forget to mark my answer as "the best" to help me for the contribution.

      Regards,

      Dario.

  • Hi Dario,

     

    Sorry to be base level, but when using that syntax :

    1. when HTTP_REQUEST {
    2. set url "https://[getfield [HTTP::uri] "URL=" 2]"
    3. set host [URI::host $url]
    4. set path [URI::path $url]
    5. set basename [URI::basename $url]
    6. HTTP::uri $path$basename
    7. HTTP::host $host
    8. }

     

    Which pool is triggered? A pool that I need to define as www.xyz.com ?

     

    Thank you

     

    Stephane

    • Hello.

       

      In my case, the pool was configured directly into the VS, but it's also possible to do it in the iRule.

      REF - https://clouddocs.f5.com/api/irules/pool.html

       

      There you have examples of how to select pools base on URI.

       

      Regards,

      Dario.