Forum Discussion

lnease2_55281's avatar
lnease2_55281
Icon for Nimbostratus rankNimbostratus
Apr 09, 2012

Modifying header's host and from HTTP to HTTPS

I have a virtual server that accepts HTTP requests and then sends HTTPS from there to a backend server (that is actually a third party server). It works fine, but because of soap requests, the initiat...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Apr 12, 2012
i agree with dlg - if you want request look like coming from bigip, doesn't snat work?

this is an example configuration which rewriting host header. anyway, i do not think there is host header in http response. 

[root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      serverssl {
         serverside
      }
      tcp {}
   }
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:443 {}
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   if { [HTTP::host] equals "internal.hostname.com" } {
      HTTP::header replace Host "thridparty.hostname.com"
   }
}
}

 on client

[root@centos251 ~] curl -I http://internal.hostname.com/
HTTP/1.1 200 OK
Date: Thu, 12 Apr 2012 14:36:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8

 on bigip (packet trace)

[root@ve1023:Active] config  ssldump -Aed -nni 0.0 port 80 or port 443 -k /var/tmp/node201.key
New TCP connection 1: 172.28.19.251(52863) <-> 172.28.19.79(80)
1334241345.8899 (0.0011)  C>S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: internal.hostname.com
Accept: */*

---------------------------------------------------------------

New TCP connection 2: 200.200.200.10(52863) <-> 200.200.200.101(443)
...snipped...
2 10 1334241345.9091 (0.0000)  C>SV3.1(186)  application_data
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: thridparty.hostname.com
    Accept: */*

    ---------------------------------------------------------------
2 11 1334241345.9108 (0.0016)  S>CV3.1(263)  application_data
    ---------------------------------------------------------------
    HTTP/1.1 200 OK
    Date: Thu, 12 Apr 2012 14:36:17 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
    ETag: "4183e4-3e-9c564780"
    Accept-Ranges: bytes
    Content-Length: 62
    Content-Type: text/html; charset=UTF-8

    ---------------------------------------------------------------
1334241345.9108 (0.0209)  S>C
---------------------------------------------------------------
HTTP/1.1 200 OK
Date: Thu, 12 Apr 2012 14:36:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8

---------------------------------------------------------------