Modifying header's host and from HTTP to HTTPS

Question

I have a virtual server that accepts HTTP requests and then sends HTTPS from there to a backend server (that is actually a third party server). It works fine, but because of soap requests, the initiating client request needs to look like it is coming from the F5 instead of from the client when it reaches the web service running on the pool node. We're getting a address mismatch on the backend web service.  &nbsp;
&nbsp;So I am trying to write an iRule that will do the following:&nbsp;
&nbsp;Change the request's host name in the header and also change that header to be a HTTPS request instead of a HTTP request.  Will the code below work?  &nbsp;
&nbsp;NOTE: this is *not* a redirect; I can't send the client to a different URL.  So I have to rewrite the header info.  And I am thinking I better do this in both directions to avoid problems.  Is my code correct below?  Please help!  Thanks!&nbsp;&nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp;  if { [HTTP::host] equals"internal.hostname.com"} {
&nbsp;        HTTP::header replace Host "thirdparty.hostname.com"
&nbsp;    HTTP::header replace http:// https://
&nbsp;  }
&nbsp;}&nbsp;&nbsp;
&nbsp;when HTTP_RESPONSE {
&nbsp;  if { [HTTP::host] equals"thirdparty.hostname.com"} {
&nbsp;        HTTP::header replace Host "internal.hostname.com"
&nbsp;    HTTP::header replace https:// http://
&nbsp;  }
&nbsp;}&nbsp;

dlg_23340 · Answer

If you want the request to look like it came from the F5, why not just turn on SNAT? 
&nbsp;  
&nbsp; If you want the request to be SSL-encrypted from the F5 to the web service, set a server SSL profile.   
&nbsp;  
&nbsp; I don't think you need an iRule to do what you want to do.

nitass · Answer

i agree with dlg - if you want request look like coming from bigip, doesn't snat work? 
  
 this is an example configuration which rewriting host header. anyway, i do not think there is host header in http response. 
  
 [root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      serverssl {
         serverside
      }
      tcp {}
   }
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:443 {}
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   if { [HTTP::host] equals "internal.hostname.com" } {
      HTTP::header replace Host "thridparty.hostname.com"
   }
}
}

on client

[root@centos251 ~] curl -I http://internal.hostname.com/
HTTP/1.1 200 OK
Date: Thu, 12 Apr 2012 14:36:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8

on bigip (packet trace)

[root@ve1023:Active] config  ssldump -Aed -nni 0.0 port 80 or port 443 -k /var/tmp/node201.key
New TCP connection 1: 172.28.19.251(52863) &lt;-&gt; 172.28.19.79(80)
1334241345.8899 (0.0011)  C&gt;S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: internal.hostname.com
Accept: */*

---------------------------------------------------------------

New TCP connection 2: 200.200.200.10(52863) &lt;-&gt; 200.200.200.101(443)
...snipped...
2 10 1334241345.9091 (0.0000)  C&gt;SV3.1(186)  application_data
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: thridparty.hostname.com
    Accept: */*

---------------------------------------------------------------
2 11 1334241345.9108 (0.0016)  S&gt;CV3.1(263)  application_data
    ---------------------------------------------------------------
    HTTP/1.1 200 OK
    Date: Thu, 12 Apr 2012 14:36:17 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
    ETag: "4183e4-3e-9c564780"
    Accept-Ranges: bytes
    Content-Length: 62
    Content-Type: text/html; charset=UTF-8

---------------------------------------------------------------
1334241345.9108 (0.0209)  S&gt;C
---------------------------------------------------------------
HTTP/1.1 200 OK
Date: Thu, 12 Apr 2012 14:36:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8

---------------------------------------------------------------

Forum Discussion

Modifying header's host and from HTTP to HTTPS

2 Replies

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

VIP control across data centers - how to ensure only 1 VIP is up at a time?

FQDN Node Configuration

Logical Disk Full to Migrate rSeries

Priority Group Activation is not working

Changes to DO and AS3 GitHub - no longer monitored

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS