Forum Discussion

Cirrus

Nov 13, 2022

Need to rewrite with LTM

Hi, I have an internal server with two "applicatins" and I need to give access to one of the application from Internet, The fqdn "globalserver.mydomain.com" point to my F5 vip, and I need that ever...

security

Mohamed_Ahmed_Kansoh

MVP

Nov 13, 2022

Hi Rafi1 ,
> may I understood in first part , if you want your to get internet access for your nodes you need to configure Forwarding virtual server on F5 to take the initiated traffic from your nodes to your internet path.
follow this article , to configure Forwarding virtual server :
https://support.f5.com/csp/article/K7595

> For FQDN hostname redirection , I think your clients can see the redirection on their browsers if you use " Redirect Action in LTM policy or HTTP::redirect by iRules ".
As an adminstrator on F5 , if you want to be the only person who see this change of FQDNs , you need to " replace old FQDN to new FQDN " by using HTTP::header not performing a redirection on FQDN hostnames level.
By replacing the http header , you will find the new host name added in the entire http packet , but the Client will still see the old FQDN hostname in their browser.
Follow this iRule to change hostname header on http packets :

when HTTP_REQUEST {
if { ([string tolower [HTTP::host]] equals "globalserver.mydomain.com") }{
 HTTP::header replace Host "internalserver.com"
}
}

Tell me first if this meets your needs or not , if not clarify your request exactly , if yes " for changing host header instead of redirection " we can add more conditions for the rest of uri paths that you want to add.

I will wait your Feedback

Thanks

Rafi1
Cirrus
Nov 13, 2022
Hi,
Thank you for your replay,
I think it will better to describe what i'm trying to achieve
1. I configured virtual server, (Type standart)
every client that want to get to the internal service need to go to "globalserver.mydomain.com" whice by dns A record point this traffic to the virtual server I creatd'
Then I want that F5 will take this request and point it to "internalserver.com/portsluser/main#page/"
And the client in his browser still see his original request which is "globalserver.mydomain.com"

Regards
- Mohamed_Ahmed_Kansoh
  MVP
  Nov 13, 2022
  Hi Rafi1 ,
  I have simulated this scenario on my lab , try this irule :
  when HTTP_REQUEST { if { ([string tolower [HTTP::host]] equals "globalserver.mydomain.com") }{ HTTP::header replace Host "internalserver.com" HTTP::path "/portsluser/main#page/" } }
  
  Find the below snap shots from my LAB :
  irule :
  My results :
  Do you see , as a client I wrote " shopping.asm.f5" , and the request shown in F5 ASM event logs with a changed header and added new path which did not appear to client neither new hostname nor added path.
  Try it and give me your feedback.
  
  Regards.
  - Rafi1
    Cirrus
    Nov 14, 2022
    Hi Mohamed_Ahmed_Kansoh
    Thank you very for yourת
    unfortunately the Irule didnt work for me,
    I must mention another thing (forgot sorry) the originagl url that the client browse to as i mention is "globalserver.mydomain.com" I need that the LTM will change it to "internalserver.xxx.mydomain.com/portsluser/main#page/" its sub domain for "mydomain.com" in the virtual server certificate in "ssl profile client" the certificate is *.mydomain.com do I need also *.xxx.mydomain.com ?
    
    I configured regular virtual server with: type=standard, service port=443, pool=internalserver.xxx.mydomain.com, without your Irule the LTM forword me to the server "internalserver.xxx.mydomain.com" I hoped that with your Irule he will forword me to "internalserver.xxx.mydomain.com/portsluser/main#page/", but unfortunately with the Irule I got blank page (no service)
    I also noticed that in your lab you are using security profile (ASM), basically I dont need ASM all I need is forward the client request to another web service.
    
    Any idea ?
    Regards