For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Craig_Gibb_1781's avatar
Craig_Gibb_1781
Icon for Nimbostratus rankNimbostratus
Sep 06, 2014

Migration from ISA 2006 to F5 LTM

Hi iam trying to migrate a in ISA server 2006 a simple rule, to F5 LTM 11.5.1 HF3. The page is a login page to BMC Remedy ARS, and in the ISA server we have two link translations

 

servername:4400 (internal hostname) to login.remedy.se (public hostname) and remedyportal (redirect from server ) to /arsys/shared/login.jsp (the uri that should be used)

 

Now this works fine in ISA server (every is http) but when i try to use proxy pass or proxy pass lite iam getting nowhere. The problem seems to be that when http request is sent to the public url http://login.remedy.se the server sends back a http::is_redirect and sends the client to http://login.remedy.se/remedyportal.

 

In the ISA server this is converted to /arsys/shared/login.jsp, but i can not seem to get this to work with the proxy pass. The Pool is configure to sen traffic on http port 4400 so that should take care of the pool change, and i have a Data group configured and i think i have tried all combinations, but iam still not able to get it to work. Below is a extract from the log:-

 

Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : /Common/Netktweb_vs: xxx.xx.xxx.xx:36144 -> xxx.xxx.xxx.xxx:80 Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/RemedyPortal/: Found Rule, Client Host=login.remedy.se, Client Path=/RemedyPortal, Server Host=10.181.2.124, Server Path=/arsys/shared/login.jsp Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/RemedyPortal/: Using default pool /Common/Netktweb_http_pool Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : /Common/Netktweb_vs: 46.39.107.85:43284 -> 192.165.155.138:80 Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/RemedyPortal/: New Host=10.181.2.124, New Path=/arsys/shared/login.jsp/ Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/RemedyPortal/: Removed Accept-Encoding header Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/RemedyPortal/: 404 response from /Common/Netktweb_http_pool 10.181.2.124 4400 Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/RemedyPortal/: $stream_expression_cmd: STREAM::expression "@10.181.2.124/arsys/shared/login.jsp@login.remedy.se/RemedyPortal@ @/arsys/shared/login.jsp@/RemedyPortal@", $stream_enable_cmd: STREAM::enable Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/RemedyPortal/: Successfully configured and enabled stream filter Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/RemedyPortal/: Checking Location=, $protocol= Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/RemedyPortal/: Checking Content-Location=, $protocol= Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/RemedyPortal/: Checking URI=, $protocol= Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/arsys/shared/images/bmc_logo.gif: No rule found, using default pool /Common/Netktweb_http_pool and exiting Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/arsys/shared/images/bmc_logo.gif: 304 response from /Common/Netktweb_http_pool x.181.2.124 4400 Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/arsys/shared/images/bmc_logo.gif: Rewriting response content enabled, but disabled on this response. Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/arsys/shared/images/bkgd_image.gif: No rule found, using default pool /Common/Netktweb_http_pool and exiting Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/arsys/shared/images/bkgd_image.gif: 304 response from /Common/Netktweb_http_pool x.181.2.124 4400 Sep 6 14:01:47 s4v2lb info tmm[14885]: Rule /Common/ProxyPass_Netktweb_vs_irule : VS=/Common/Netktweb_vs, Host=login.remedy.se, URI=/arsys/shared/images/bkgd_image.gif: Rewriting response content enabled, but disabled on this response

 

Any ideas appreciated /Craig

 

application delivery
devops
iRules
LTM
management

1 Reply

  • Andrew_Husking's avatar
    Andrew_Husking
    Icon for Cirrus rankCirrus
    Sep 08, 2014

    Not entirely sure i understand the problem, but if all you are trying to do is when client is sent to /remedyportal they need to be sent instead to /arsys/shared/login.jsp then depending on how the redirect is sent back try this in an iRule:

    when HTTP_RESPONSE {
        if {[string tolower [HTTP::header value Location"]] ends_with "/remedyportal"} {
            HTTP::header replace Location "/arsys/shared/login.jsp"
        }
}