Nimbostratus

Jun 28, 2010

Port Translation

I've been struggling all day with this one... I have two separate problems and not sure if they are related.

1. I have a VS configured to listen on an IP and on port HTTP 80. I have it attached to a pool with a few webservers in it. The webservers are serving on port TCP 8080 instead. I have the "Port Translation" checkbox checked under the VS settings. It appears that it is not working.

2. The URL that points to that VIP is "http://test1.phly.net". When you hit that URL and it gets passed along to the pool member, the server replies with an HTTP 301 redirect and replies with its own hostname instead "http://server1.phly.net". We want to find when a 301 redirect comes in and replace the hostname with the original URL of "http://test1.phly.net". I've been working with iRules but couldn't really get anything working as of yet. One of the problems in the iRule is that we don't want to statically set what to swap out in the HTTP Header. This needs to be dynamic because of all of the possible pool members that it can have.

Any ideas or suggestions?

I'm on version 10.1.0.

14 Replies

Michael_Yates
Nimbostratus
Jun 28, 2010
You will need to find what is sending the 301 Redirect (sounds like the server(s)) and stop it there.

This should capture the redirect from the server and change the "server1" value to "test1". If the server is indeed sending this redirect back to the requestor, then this iRule will create and endless loop between the two.

when HTTP_RESPONSE { if { [HTTP::is_redirect] } { HTTP::header replace Location [ string map {"server1" "test1"} [HTTP::header Location] ] } }
hoolio
Cirrostratus
Jun 28, 2010
Port translation is fairly bullet proof. I'd guess the issue is not with the port translation, but with the application's references to itself within the HTTP.

Here's something to start with to replace the domain in redirects. If this doesn't fix all of the issues, try using a browser plugin like HttpFox for Firefox or Fiddler for IE to check the web app response headers and/or payloads.

when HTTP_RESPONSE { Check if response is a redirect if {[HTTP::is_redirect]}{ Replace the hostname in the Location header with the external FQDN HTTP::header replace Location "[string map -nocase [URI::host [HTTP::header Location]] test1.phly.net" [HTTP::header Location]] } }

Aaron
jgrohol_43248
Nimbostratus
Jun 29, 2010
Michael I was using that same iRule to test, the only problem is I'd have to statically define the server hostnames to replace. I want to keep that part dynamic so I don't have to update the iRule everytime they add a server to the pool.

Aaron, I like your script because it's grabbing the host by URI::host, but that iRule doesn't seem to be working. I also ran into a syntax error when I tried it.

hoolio

Cirrostratus

Jun 29, 2010

Sorry, it was a misplaced double quote. Can you try this:


when HTTP_RESPONSE {

    Check if response is a redirect
   if {[HTTP::is_redirect]}{

       Replace the hostname in the Location header with the external FQDN
      HTTP::header replace Location [string map -nocase "[URI::host [HTTP::header Location]] test1.phly.net" [HTTP::header Location]]
   }
}

Aaron

jgrohol_43248

Nimbostratus

Jun 29, 2010

That worked...

I've added to it to make it even more dynamic. I'm grabbing the FQDN from the HTTP request and changing the hostname to it.

when HTTP_REQUEST {
set ext_fqdn "[HTTP::host]"
}

when HTTP_RESPONSE {

    Check if response is a redirect
   if {[HTTP::is_redirect]}{

       Replace the hostname in the Location header with the external FQDN
      HTTP::header replace Location [string map -nocase "[URI::host [HTTP::header Location]] $ext_fqdn" [HTTP::header Location]]
   }
}

jgrohol_43248
Nimbostratus
Jun 29, 2010
I also had a question... Isn't this iRule the same thing as changing the "Redirect Rewrite" under the Profile?
hoolio
Cirrostratus
Jun 29, 2010
Nice work.

With the Redirect Rewrite option on an HTTP profile, you can rewrite http:// to https:// or the node address to the VS address. But you can't replace the hostname in a redirect with the VS address or the hostname the client requested.

Aaron
jgrohol_43248
Nimbostratus
Jun 29, 2010
Ok. Thanks for that explanation.

So the code we are working with above only works in Firefox. IE gives me a page cannot be displayed and Google Chrome just shows me nothing. Firefox works like a champ though. ???
hoolio
Cirrostratus
Jun 29, 2010
Do you see any errors in /var/log/ltm when testing with IE or Chrome? Can you use a browser plugin like Fiddler to see which request the failure is occurring on?

Aaron
jgrohol_43248
Nimbostratus
Jun 29, 2010
Well here's the crazy part. In the end they want to replace the hostname in the redirect to keep the common URI. They also want the VIP to be on port HTTP 80 while the backend pool servers are on port 8080. I just changed my VS to listen on 80 instead of 8080 and wham. All 3 browsers now work with the port translation and the hostname change in the iRule we made. Weird. Not sure why doing the port translation "fixed" the other browser problems.

Forum Discussion

Port Translation

14 Replies

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Port Translation & HTTPS -> HTTP

Radware config translation

GTM Translation

Need Irule for redirection for port translation

Virtual server with port translation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS