For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ABHAY_101908's avatar
ABHAY_101908
Icon for Nimbostratus rankNimbostratus
Nov 03, 2009

ProxyPass Irule --- reverse proxy

Dear all:

 

 

I am trying to replace my existing reverse proxy functionality from my apache to BIG-IP LTM.

 

Can any one help me out how to add the config in the proxypass v10 irule.

 

 

Below is my reverse proxy config:-

 

Where as 10.146.64.214 is the Virtual ip address in the apache reverse proxy.

 

 

ProxyPass /upso1/dar/ http://10.38.32.35/upso1/dar/

 

ProxyPassReverse /upso1/dar/ http://10.38.32.35/upso1/dar/

 

ProxyPass /upso1/data/ http://10.38.32.35/upso1/data/

 

ProxyPassReverse /upso1/data/ http://10.38.32.35/upso1/data/

 

 

ProxyPass /upso2/dar/ http://10.42.32.49/upso2/dar/

 

ProxyPassReverse /upso2/dar/ http://10.42.32.49/upso2/dar/

 

ProxyPass /upso2/data/ http://10.42.32.49/upso2/data/

 

ProxyPassReverse /upso2/dar/ http://10.42.32.49/upso2/data/

 

 

kindly guide me how i add above cofig in the proxypass v10 irule.

 

 

 

Regards,

 

Abhay
application delivery
dev
devops
iRules

16 Replies

Show More
  • fLyf5_21542's avatar
    fLyf5_21542
    Icon for Nimbostratus rankNimbostratus
    Nov 17, 2011
    Sorry, for the confusion, below is my requirement

     

     

    /directory/ http://10.0.0.1:8123/new-directory
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 17, 2011
    Can you explain what you want to happen with non-/directory/ requests? Do you want them to go to the same server(s) as /directory/ requests? Or separate server(s)? Do you know if the host header needs to be rewritten?

    Here's a guess at what you mean. This assumes you want /directory/ requests sent to one set of server(s) and non-/directory/ requests to go to the virtual server's default pool. I'm also rewriting the URI from /directory/ to /new-directory/ and updating the host header value to the server IP and port. 

    
when CLIENT_ACCEPTED {

 Save the name of the VS default pool
set default_pool [LB::server pool]

}
when HTTP_REQUEST {

 Check the requested URI
switch -glob [HTTP::uri] {
"/directory/*" {

 Select a custom pool for these requests
pool directory_pool

 Replace /directory/ with /new-directory/ in the URI
HTTP::uri [string map {/directory/ /new-directory/} [HTTP::uri]]

 Track that we will replace the Host header on these requests
set rewrite_host 1
}
default {
pool $default_pool
set rewrite_host 0
}
}
}
when HTTP_REQUEST_SEND {

 Rewrite the host header to the selected server IP:port
if {$rewrite_host}{
clientside {
HTTP::header replace Host "[IP::server_addr]:[TCP::server_port]"
}
}
}

    Aaron
  • fLyf5_21542's avatar
    fLyf5_21542
    Icon for Nimbostratus rankNimbostratus
    Nov 17, 2011
    Thanks Aron

     

     

    1. The request to be forwarded to a pool, but the uri to be changed from /directory/ to /new-directory/

     

     

    2. When the response traffic comes, /new-directory/ to be change back to /directory/ as this to be transparent with end user browser.

     

     

    3. I understand above iRule will change the uri and http header when the traffic is forwarded to pool member, I would like to know this will replace the uri back when server responds to client

     

     

    ...fLy
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 21, 2011
    Hi Fly,

     

     

    I'd first test to see if the application includes references to /new-directory/ in the response content. If it doesn't, you don't need to worry about rewriting the response content. If you do need to, you can rewrite the response content using a blank stream profile and an STREAM::expression based iRule:

     

     

    http://devcentral.f5.com/wiki/iRules.stream__expression.ashx

     

     

    Aaron