Forum Discussion

Rafi1's avatar
Rafi1
Icon for Cirrus rankCirrus
Nov 13, 2022

Need to rewrite with LTM

Hi,

I have an internal server with two "applicatins" and I need to give access to one of the application from Internet,

The fqdn "globalserver.mydomain.com" point to my F5 vip, and I need that every time client try to go to globalserver.mydomain.com the F5 will send the client to "internalserver.com/portsluser/main#page/"

I can accomplish this with redirect policy but then the client will see in his browser the redirection url which is nternalserver.com/portsluser/main#page/

Regards

Rafi

 

  • Hi Rafi1 , 
      > may I understood in first part , if you want your to get internet access for your nodes you need to configure Forwarding virtual server on F5 to take the initiated traffic from your nodes to your internet path. 
    follow this article , to configure Forwarding virtual server : 
    https://support.f5.com/csp/article/K7595

    > For FQDN hostname redirection , I think your clients can see the redirection on their browsers if you use " Redirect Action in LTM policy or HTTP::redirect by iRules ". 
    As an adminstrator on F5 , if you want to be the only person who see this change of FQDNs , you need to " replace old FQDN to new FQDN  " by using HTTP::header not performing a redirection on FQDN hostnames level. 
    By replacing the http header , you will find the new host name added in the entire http packet , but the Client will still see the old FQDN hostname in their browser. 
    Follow this iRule to change hostname header on http packets : 

    when HTTP_REQUEST {
    if { ([string tolower [HTTP::host]] equals "globalserver.mydomain.com") }{
     HTTP::header replace Host "internalserver.com"
    }
    }

    Tell me first if this meets your needs or not , if not clarify your request exactly , if yes " for changing host header instead of redirection " we can add more conditions for the rest of uri paths that you want to add. 

    I will wait your Feedback 

    Thanks 

    • Rafi1's avatar
      Rafi1
      Icon for Cirrus rankCirrus

      Hi,

      Thank you for your replay,

      I think it will better to describe what i'm trying to achieve

      1. I configured virtual server, (Type standart)

         every client that want to get to the internal service need to go to "globalserver.mydomain.com" whice by dns  A record point this traffic to the virtual server I creatd'

      Then I want that F5 will take this request and point it to "internalserver.com/portsluser/main#page/"

      And the client in his browser still see his original request which is "globalserver.mydomain.com"

       

      Regards

       

      • Hi Rafi1 , 
        I have simulated this scenario on my lab , try this irule : 

        when HTTP_REQUEST {
        if { ([string tolower [HTTP::host]] equals "globalserver.mydomain.com") }{
         HTTP::header replace Host "internalserver.com"
         HTTP::path "/portsluser/main#page/"
        }
        }

         

        Find the below snap shots from my LAB : 
        irule : 

        My results : 

        Do you see , as a client I wrote " shopping.asm.f5" , and the request shown in F5 ASM event logs with a changed header and added new path which did not appear to client neither new hostname nor added path. 
        Try it and give me your feedback. 

        Regards.

  • Hello Rafi, if I'm not mistaken you're having the same issue as this post here. 

    - globalserver.mydomain.com should resolve to your VS IP 
    - if SSL is in place, you need a clientSSL profile with a certificate that matches "globalserver" SNI (or wildcard for *.mydomain.com) 
    - you need HTTP profile on the vitual server to parse request elements 
    - if backend server speaks SSL, you also need a serverSSL profile

    iRule should be pretty simple, this code will rewrite client request before sending it to server -- meaning it will be transparent to client. 

    when HTTP_REQUEST {
      if {[string tolower [HTTP::host]] eq "globalserver.mydomain.com" }{
        HTTP::header replace Host "internalserver.com"
        HTTP::uri "/portsluser/main#page/"
      }
    }

    My only concern would be that you have hash "#" character in URI, which is a reserved character that is usually only interpreted by client browser (usually not passed to server) to identify a fragment. 

    • Rafi1's avatar
      Rafi1
      Icon for Cirrus rankCirrus

      Hi,

      All the previous conditions are defined, but still with the Irule I see blank page

      I actually able to make progress with rewrite profile, I wrote rewrite profile and it works as accepted, when I'm browse to "internalserver.com" the profile rewrite it to "internalserver.com/portsluser/" and the client still see in his browser "internalserver.com", but now the problem is when I'm trying to login I'm getting error 500 from the web site

      Any idea ?

      Regards

      • Hello Rafi,
        can you define blank page better? 

        If server responds to "GET /portsluser/ Host: internalserver.com" request with a 200-content that returns a blank page, problem is on the server. 
        If you have a timeout issue, there might be a problem on the network instead - maybe you might need to fix NAT or routing. 

        If you run curl -vk -H "internalserver.com" https://<internalserver.com node IP>/portsluser/ from F5 command line, what's the output? 

        If you run curl -vk -H "globalserver.mydomain.com" https://<virtual server IP>/ from F5 command line, what's the output?