For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Derek_Murphy_38's avatar
Derek_Murphy_38
Icon for Nimbostratus rankNimbostratus
Oct 05, 2010

need help figuring out a proxy irule

 

The below post has a bunch of good information that I think has me in the right direction.

 

http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/aff/5/aft/1172576/afv/topic/asg/50/Default.aspx

 

 

however, here's what I need to accomplish.

 

I have www.domain.com/somestring This is a vanity url that will proxy to new.domain.com/ However, I need to retain in the browser www.domain.com/somestring.

 

 

What I am unclear on is how it's possible to proxy traffic to a pool while having the domain name change.

 

 

The pool I'm sending it to has a webserver that hosts 3 blogs (new.domain.com) being one of them. They are all configured to be blog1.domain.com, blog2.domain.com and now mine... new.domain.com).

 

 

If I just do something like if { [HTTP::host] == "www.domain.com" and [HTTP::uri] == "/somestring" } { pool blogservers } there's no way for the webserver to know what virtual host to send the request to. Is there some way I can say set [HTTP::host] == "new.domain.com" and have the webserver understand it's the new domain, but not actually change the url?

 

 

 

application delivery
dev
devops
iRules

14 Replies

Show More
  • Ben_95489's avatar
    Ben_95489
    Icon for Nimbostratus rankNimbostratus
    Oct 06, 2010
    Hey Derek,

     

     

    That is puzzling. Does the virtual server (on the LTM) have a default pool specified? If so, I presume all of its members are currently up and enabled. Are there any errors in /var/log/ltm regarding parsing/processing the iRule when connections arrive? I haven't had a lot in the way of spare cycles today to dig about it and I wouldn't expect it to cause problems like this, but you do have a stream profile enabled as well, correct?

     

     

    // Ben

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 07, 2010
    Hi Derek,

     

     

    Can you post the ltm logs? You can access them from /var/log/ltm on the command line or in the GUI under System | Logs.

     

     

    Aaron
  • Derek_Murphy_38's avatar
    Derek_Murphy_38
    Icon for Nimbostratus rankNimbostratus
    Oct 07, 2010
    Hi Aaron,

     

    currently this is what is logged when I access http://wwwstg.domain.com/discover. The changes so far that I've made to the iRule are - replaced all local0 log with just log "DEREK: so it gets sent to the web console/local traffic log and make it easier for me to identify, I replaced [Virtual Name] with [Virtual] (per another post suggestion), and set ProxyPassDebug and RewriteResponsePayload both to 2 under when RULE_INIT

     

     

    Thu Oct 7 14:09:40 EDT 2010 tmm tmm[1587] 01220002 Rule proxy_pass CLIENT_ACCEPTED: DEREK: wwwstg: 172.30.112.113:61625 - 10.17.9.124:80

     

    Thu Oct 7 14:09:40 EDT 2010 tmm tmm[1587] 01220002 Rule proxy_pass HTTP_REQUEST: DEREK: wwwstg, Host=wwwstg.domain.com, URI=/discover: Looking for entries matching wwwstg.domain.com/discover

     

    Thu Oct 7 14:09:40 EDT 2010 tmm tmm[1587] 01220002 Rule proxy_pass HTTP_REQUEST: DEREK: wwwstg, Host=wwwstg.domain.com, URI=/discover: Looking for entries matching /discover

     

    Thu Oct 7 14:09:40 EDT 2010 tmm tmm[1587] 01220002 Rule proxy_pass HTTP_REQUEST: DEREK: wwwstg, Host=wwwstg.domain.com, URI=/discover: Found Rule, Client Host=wwwstg.domain.com, Client Path=/discover, Server Host=blog3.pre.domain.com, Server Path=/

     

    Thu Oct 7 14:09:40 EDT 2010 tmm tmm[1587] 01220002 Rule proxy_pass HTTP_REQUEST: DEREK: wwwstg, Host=wwwstg.domain.com, URI=/discover: Redirecting to http://wwwstg.domain.com/discover/

     

    Thu Oct 7 14:09:41 EDT 2010 tmm tmm[1587] 01220002 repeated 20 times

     

    Thu Oct 7 14:09:41 EDT 2010 tmm tmm[1587] 01220002 Rule proxy_pass HTTP_RESPONSE: DEREK: wwwstg, Host=wwwstg.domain.com, URI=/discover/: $stream_expression_cmd: STREAM::expression @blog3.pre.domain.com/@wwwstg.domain.com/discover@ @/@/discover@, $stream_enable_cmd: STREAM::enable

     

    Thu Oct 7 14:09:44 EDT 2010 tmm tmm[1587] 01220002 repeated 115 times
  • Derek_Murphy_38's avatar
    Derek_Murphy_38
    Icon for Nimbostratus rankNimbostratus
    Oct 07, 2010
    if this gives any insight.. here's what the apache access logs report. This loops for about 12 times before it stops.

     

     

    LoadBalancerIP - - [07/Oct/2010:14:57:22 -0400] "GET // HTTP/1.1" 301 -

     

    LoadBalancerIP - - [07/Oct/2010:14:57:22 -0400] "GET // HTTP/1.1" 301 - "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10"

     

    LoadBalancerIP - - [07/Oct/2010:14:57:22 -0400] "GET // HTTP/1.1" 301 -

     

    LoadBalancerIP - - [07/Oct/2010:14:57:22 -0400] "GET // HTTP/1.1" 301 - "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10"

     

    LoadBalancerIP - - [07/Oct/2010:14:57:22 -0400] "GET // HTTP/1.1" 301 -

     

    LoadBalancerIP - - [07/Oct/2010:14:57:22 -0400] "GET // HTTP/1.1" 301 - "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10"

     

    LoadBalancerIP - - [07/Oct/2010:14:57:23 -0400] "GET // HTTP/1.1" 301 -

     

    LoadBalancerIP - - [07/Oct/2010:14:57:23 -0400] "GET // HTTP/1.1" 301 - "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10"