Forum Discussion
Rafi1
Cirrus
CirrusNeed to rewrite with LTM
Hi, I have an internal server with two "applicatins" and I need to give access to one of the application from Internet, The fqdn "globalserver.mydomain.com" point to my F5 vip, and I need that ever...
Rafi1Cirrus
CirrusHi,
Thank you for your replay,
I think it will better to describe what i'm trying to achieve
1. I configured virtual server, (Type standart)
every client that want to get to the internal service need to go to "globalserver.mydomain.com" whice by dns A record point this traffic to the virtual server I creatd'
Then I want that F5 will take this request and point it to "internalserver.com/portsluser/main#page/"
And the client in his browser still see his original request which is "globalserver.mydomain.com"
Regards
Hi Rafi1 ,
I have simulated this scenario on my lab , try this irule :
when HTTP_REQUEST {
if { ([string tolower [HTTP::host]] equals "globalserver.mydomain.com") }{
HTTP::header replace Host "internalserver.com"
HTTP::path "/portsluser/main#page/"
}
}
Find the below snap shots from my LAB :
irule :
My results :
Do you see , as a client I wrote " shopping.asm.f5" , and the request shown in F5 ASM event logs with a changed header and added new path which did not appear to client neither new hostname nor added path.
Try it and give me your feedback.
Regards.
- Rafi1
Thank you very for yourת
unfortunately the Irule didnt work for me,
I must mention another thing (forgot sorry) the originagl url that the client browse to as i mention is "globalserver.mydomain.com" I need that the LTM will change it to "internalserver.xxx.mydomain.com/portsluser/main#page/" its sub domain for "mydomain.com" in the virtual server certificate in "ssl profile client" the certificate is *.mydomain.com do I need also *.xxx.mydomain.com ?
I configured regular virtual server with: type=standard, service port=443, pool=internalserver.xxx.mydomain.com, without your Irule the LTM forword me to the server "internalserver.xxx.mydomain.com" I hoped that with your Irule he will forword me to "internalserver.xxx.mydomain.com/portsluser/main#page/", but unfortunately with the Irule I got blank page (no service)
I also noticed that in your lab you are using security profile (ASM), basically I dont need ASM all I need is forward the client request to another web service.
Any idea ?
Regards
Hi Rafi1 ,
As per CA_Valli’s iRule and mine , both of them should work with you.
> I want to add there is a problem with your certificate , you have wildcard to "*.mydomain.com" it will not be compatible with "*.xxx.mydomain.com" , or remover " . that before xxx" I mean the hostname should be "internalserver-xxx.mydomain.com" and do not use "dot ." in your hostnames.
> After that make sure that
"globalserver.mydomain.com " and " internalserver-xxx.mydomain.com"
have the same dns resolution or at least configure this" internalserver-xxx.mydomain.com" to be mapped to " ip of virtual server on F5 "
> but in your Case there is an issue with certificate , you must use "-" not "."
and try.
> I used ASM loging to see the requests contents only as a monitoring , not to do any actions.
> I will Take a Pcap from my Lab to see the Flow of traffic and changes as well.
Regards.- Rafi1
The " internalserver-xxx.mydomain.com" the "xxx" is sub domain so I must use "dot."
What if in the server ssl profile (in the virtual server ) I will attached the the real server certificate *.xxx.mydomain.com ?
Regards