Nimbostratusreverse proxy mapping of server with strict header checking
We are trying to map a number of separately developed apps onto the same domain with each app in a subdomain, so users can request https://.ourdomain.com/ and get directed to the correct app.
Apps we developed are in pools in our own hosting and working fine. We also need to map one app developed by a third party and hosted externally (https://thirdpartyapp.theirdomain.com/).
We have the ip address of this third party app in a pool and the traffic is flowing correctly but some browsers set headers which cause resource requests that follow the initial connection to receive a 403 FORBIDDEN response.
Unfortunately I don't have access to the Big-IP - it's a managed service, so writing and debugging iRules is a slow process.
What I need help with... Does this iRule effectively substitute headers in the outgoing request? I know the replace works, but how do I know these are the headers going over to the other end (I have no access to F5 or to 3rd party server).
{
set uri [HTTP::uri]
set httpver [HTTP::version]
set headers [HTTP::header names]
array unset request
array set request {uri $uri}
foreach header $headers {
regsub -all {externalapp.ourdomain.com} [HTTP::header $header] prod-thirdpartyapp.theirdomain.com newheadervalue
set request($header) $newheadervalue
}
set ENCRYPT 1;pool POOL-thirdparty-443-external;snat [IP::local_addr]
}
I know the regsub is replacing the headers correctly. Where I am losing confidence is that I can't see the request headers of the outbound connection to the third party server.
Do I need to write the headers back into HTTP::header or does "set request" do that for the outbound request - i.e. is request a special object on the F5 that automatically sets the server side https request?
Thanks for your help