Forum Discussion

vineyard_166933
Aug 19, 2014

Publish websites with redirect

Hi, we would like some help making an existing TMG configuration work on LTM instead. It's not very complex, so we hope somebody could get us started.

 

In TMG we have 2 rules for a website with an IP ACL for those who externally can access the web server. The rule listens on HTTPS and under TMG bridging it redirects to HTTP.

 

The first rule is configured with: Publicname1 to published site1. The second rule handles direct connections and redirects also from site1, so it's configured with: Publicname1 and Publicname2 to site2.

 

Can you help us make a similar configuration on LTM? The IP ACL we already figured out can be done with an iRule and datagroup.

 

  • The last issues with this are:

    1. We want to rewrite the external URL to the internal server, like https://page.something.com --> server.domain.local. This works OK. SSL offloading here also.

    2. The server redirects to another location, so the URL sent back to the client is something like: shortname/uri&somestaticinfo, then again to shortname2/uri&somestaticinfo (which is not in DNS). Would it be correct to rewrite the http_response again with a datagroup of perhaps: shortname1 (80) --> https://pagesomething.com/uri&someinfo. (443)

    Unsure how to do this though. Change the port, rewrite the location in the redirect for both shortnames, and some parts of the URI are static and the rest changes.

     

  • 1) we want to rewrite external url to internal server like https://page.something.com --> server.domain.local this works ok. SSL offloading here also.

     config
    
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:443
        ip-protocol tcp
        mask 255.255.255.255
        pool foo
        profiles {
            clientssl {
                context clientside
            }
            http { }
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 70
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
    ltm pool foo {
        members {
            200.200.200.101:80 {
                address 200.200.200.101
            }
        }
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm data-group internal location_map
    ltm data-group internal location_map {
        records {
            http://shortname1/ {
                data https://pagesomething.com/
            }
            http://shortname2/ {
                data https://pagesomething.com/
            }
        }
        type string
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
    ltm rule qux {
        when HTTP_REQUEST {
            if { [HTTP::host] equals "page.something.com" } {
                HTTP::header replace Host "server.domain.local"
            }
        }
        when HTTP_RESPONSE {
            switch [HTTP::status] {
                301 -
                302 {
                    if { [class match -- [HTTP::header Location] starts_with location_map] } {
                        set mapl [class match -element [HTTP::header Location] starts_with location_map]
                        HTTP::header replace Location [string map $mapl [HTTP::header Location]]
                    }
                }
            }
        }
    }
    
     request
    
    1 10 1408801818.6717 (0.0007)  C>SV3.1(192)  application_data
        ---------------------------------------------------------------
        GET / HTTP/1.1
        User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
        Accept: */*
        Host: page.something.com
    
        ---------------------------------------------------------------
    New TCP connection 2: 200.200.200.14(39311) - 200.200.200.101(80)
    1408801818.6892 (0.0163)  C>S
    ---------------------------------------------------------------
    GET / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Accept: */*
    Host: server.domain.local
    
    ---------------------------------------------------------------
    

    2) the server redirects to another location so the url sent back to client is something like: shortname/uri&somestaticinfo then again to shortname2/uri&somestaticinfo (which is not in dns)

    Would it be correct to rewrite the http_response again with a datagroup of perhaps: shortname1 (80) --> https://pagesomething.com/uri&someinfo. (443)
     response
    
    1408801840.1118 (0.0724)  S>C
    ---------------------------------------------------------------
    HTTP/1.1 302 Found
    Date: Sat, 23 Aug 2014 13:37:55 GMT
    Server: Apache/2.2.3 (CentOS)
    Location: http://shortname1/uri&somestaticinfo
    Content-Type: text/html; charset=iso-8859-1
    
    ---------------------------------------------------------------
    
    1 11 1408801840.1125 (0.0752)  S>CV3.1(224)  application_data
        ---------------------------------------------------------------
        HTTP/1.1 302 Found
        Date: Sat, 23 Aug 2014 13:37:55 GMT
        Server: Apache/2.2.3 (CentOS)
        Location: https://pagesomething.com/uri&somestaticinfo
        Content-Type: text/html; charset=iso-8859-1
    
        ---------------------------------------------------------------
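
An added example, not part of the original posts: a small Python model of the `location_map` lookup and `string map` rewrite above, for checking offline which backend `Location` values would still reach the client with an internal short name. The `PUBLIC_HOSTS` set, the sample redirects, and the case-sensitive prefix comparison are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Copy of the location_map records shown in the answer above.
LOCATION_MAP = {
    "http://shortname1/": "https://pagesomething.com/",
    "http://shortname2/": "https://pagesomething.com/",
}
# Assumption: the only host name external clients can resolve.
PUBLIC_HOSTS = {"pagesomething.com"}


def rewrite_location(location, mapping=LOCATION_MAP):
    """Model of the HTTP_RESPONSE branch of rule qux.

    A record is selected when the header starts with its key; the pair is
    then applied the way Tcl `string map` does, to every occurrence.
    Overlapping keys are not modelled (the data group above has none).
    """
    for key, value in mapping.items():
        if location.startswith(key):  # assumption: case-sensitive compare
            return location.replace(key, value)
    return location  # no record matched: header passes through unchanged


def audit(locations, public_hosts=PUBLIC_HOSTS):
    """Return (original, rewritten, ok) for each Location value.

    ok is False when the client would still be redirected to plain HTTP
    or to a host outside public_hosts, i.e. an internal name leaks.
    """
    results = []
    for loc in locations:
        new = rewrite_location(loc)
        parts = urlsplit(new)
        # A relative redirect carries no host, so it stays on the public name.
        ok = parts.netloc == "" or (
            parts.scheme == "https" and parts.hostname in public_hosts
        )
        results.append((loc, new, ok))
    return results


# Constructed sample redirects, including forms the two records do not cover.
SAMPLES = [
    "http://shortname1/uri&somestaticinfo",
    "http://shortname2/uri&somestaticinfo",
    "http://SHORTNAME1/uri",     # different case
    "http://shortname1:80/uri",  # explicit port
    "http://shortname1",         # no trailing slash
    "/uri&somestaticinfo",       # relative redirect
]
```

Redirects reported with `ok` set to `False` are candidates for an extra data-group record or a fix on the backend.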
    
  • Aha, implemented and working. The translation can be done right there in the datagroup, thank you very much!