
SteveD1979
Feb 18, 2022

Redirecting public facing URL to an internal non public facing URL

Hi, I am trying to set up a rule that will allow external users hitting an external-facing URL that resolves to a VIP on our DMZ LTMs and redirects them to an internal non-public-facing URL on our internal pair of LTMs based on the URI. Is this possible?

1 Reply

  • Hello, it is possible either with an iRule or with an LTM policy.

    iRules usually allow for more flexibility since they aren't limited to specific pre-coded instruction sets, while an LTM policy performs much better (for the same instructions, an iRule is usually 20% slower).

    I would not set up an HTTP::redirect to hosts that can't be accessed by the public, but you can load balance the requests by setting the internal LTM Virtual Server IP:port socket as a pool member. If you need to modify the packet beforehand (e.g. rewriting the URL or Host), there are tools that allow it in both iRule and LTM policy.

    I can try to provide sample code:


    when HTTP_REQUEST {
        # I'd recommend switch if you have a few exact matches, e.g. on the Host header
        # I'd also recommend switch if you need to perform different actions on every match
        switch -glob [string tolower [HTTP::host]] {
            test1.domain.com { pool <pool_name> }
            test2.domain.com { pool <pool_name> }
            test3.domain.com {
                pool <pool_name>
                # sample rewrite (not a redirect); in Tcl a comment must start its own command,
                # so it cannot trail the command on the same line without ";"
                HTTP::header replace Host "newhost.domain.com"
            }
        }

        # Alternatively, I'd recommend a data group if you need to perform a single action
        # or a few actions on a long list of possible matches
        # read as: does the URI contain an element of datagroup_path_rewrite (case sensitive)
        if {[class match [HTTP::uri] contains datagroup_path_rewrite]} {
            # this rewrites the URI path before sending traffic to the BE server
            HTTP::path /newpath/portal.js
        }
    }


    To work with a Data Group you must first configure one in Local Traffic > iRules > Data Groups; example below:


    ltm data-group internal /Common/datagroup_path_rewrite {
     records {
     /oldsubfolder1/ { }
     /oldsubfolder2/ { }
     /oldsubfolder3/ { }
     /oldsubfolder4/ { }
     /oldsubfolder5/ { }
     }
     type string
    }
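
An added example, not part of the reply above: a DMZ-side iRule that forwards only listed URI prefixes to a pool whose member is the internal virtual server and answers everything else itself. It reuses `datagroup_path_rewrite` from the reply; the pool name `internal_ltm_pool` and the host `newhost.domain.com` are placeholders. It goes slightly beyond the reply by matching on `HTTP::path` with `starts_with`, because `HTTP::uri` includes the query string and `contains` matches anywhere in it.

```tcl
when HTTP_REQUEST {
    # Decode once so percent-encoded dot segments are visible to the checks below.
    set path [URI::decode [HTTP::path]]

    # Refuse dot segments: "/oldsubfolder1/../x" would otherwise pass a prefix match.
    if { $path contains ".." } {
        log local0.notice "dot-segment denied from [IP::client_addr] host=[HTTP::host]"
        HTTP::respond 400 content "Bad Request" "Content-Type" "text/plain"
        return
    }

    # Anchored, case-sensitive match of the path (no query string) against the data group.
    if { [class match $path starts_with datagroup_path_rewrite] } {
        # Listed prefix: send to the pool that fronts the internal LTM virtual server.
        # Host is rewritten so the internal virtual server sees the name it expects.
        HTTP::header replace Host "newhost.domain.com"
        pool internal_ltm_pool
    } else {
        # Not listed: the DMZ LTM answers and nothing is sent to the internal pair.
        log local0.notice "unlisted path denied from [IP::client_addr] host=[HTTP::host]"
        HTTP::respond 404 content "Not Found" "Content-Type" "text/plain"
    }
}
```

The data group then acts as the list of internal paths reachable from outside, so a path missing from it is denied rather than forwarded.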