Forum Discussion
lnease2_55281
Apr 09, 2012Nimbostratus
Modifying header's host and from HTTP to HTTPS
I have a virtual server that accepts HTTP requests and then sends HTTPS from there to a backend server (that is actually a third party server). It works fine, but because of soap requests, the initiating client request needs to look like it is coming from the F5 instead of from the client when it reaches the web service running on the pool node. We're getting a address mismatch on the backend web service.
So I am trying to write an iRule that will do the following:
Change the request's host name in the header and also change that header to be a HTTPS request instead of a HTTP request. Will the code below work?
NOTE: this is *not* a redirect; I can't send the client to a different URL. So I have to rewrite the header info. And I am thinking I better do this in both directions to avoid problems. Is my code correct below? Please help! Thanks!
when HTTP_REQUEST {
if { [HTTP::host] equals"internal.hostname.com"} {
HTTP::header replace Host "thirdparty.hostname.com"
HTTP::header replace http:// https://
}
}
when HTTP_RESPONSE {
if { [HTTP::host] equals"thirdparty.hostname.com"} {
HTTP::header replace Host "internal.hostname.com"
HTTP::header replace https:// http://
}
}
- dlg_23340CirrusIf you want the request to look like it came from the F5, why not just turn on SNAT?
- nitassEmployeei agree with dlg - if you want request look like coming from bigip, doesn't snat work?
[root@ve1023:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:80 ip protocol 6 rules myrule profiles { http {} serverssl { serverside } tcp {} } } [root@ve1023:Active] config b pool foo list pool foo { members 200.200.200.101:443 {} } [root@ve1023:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { if { [HTTP::host] equals "internal.hostname.com" } { HTTP::header replace Host "thridparty.hostname.com" } } } on client [root@centos251 ~] curl -I http://internal.hostname.com/ HTTP/1.1 200 OK Date: Thu, 12 Apr 2012 14:36:17 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Content-Type: text/html; charset=UTF-8 on bigip (packet trace) [root@ve1023:Active] config ssldump -Aed -nni 0.0 port 80 or port 443 -k /var/tmp/node201.key New TCP connection 1: 172.28.19.251(52863) <-> 172.28.19.79(80) 1334241345.8899 (0.0011) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: internal.hostname.com Accept: */* --------------------------------------------------------------- New TCP connection 2: 200.200.200.10(52863) <-> 200.200.200.101(443) ...snipped... 2 10 1334241345.9091 (0.0000) C>SV3.1(186) application_data --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: thridparty.hostname.com Accept: */* --------------------------------------------------------------- 2 11 1334241345.9108 (0.0016) S>CV3.1(263) application_data --------------------------------------------------------------- HTTP/1.1 200 OK Date: Thu, 12 Apr 2012 14:36:17 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Content-Type: text/html; charset=UTF-8 --------------------------------------------------------------- 1334241345.9108 (0.0209) S>C --------------------------------------------------------------- HTTP/1.1 200 OK Date: Thu, 12 Apr 2012 14:36:17 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Content-Type: text/html; charset=UTF-8 ---------------------------------------------------------------
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects