For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Gregg_Hanold_01's avatar
Gregg_Hanold_01
Icon for Nimbostratus rankNimbostratus
Nov 23, 2014
Solved

reverse proxy server for uri translation

I am new to F5 as reverse proxy server. I have a dns entry pointing to my f5 app.fdn.com. I need to have users that enter app.fqdn.com/app1 be directed to myserver1.com/app1 and users that enter app.fqdn.com/app2 be directed to myserver2.com/app2. It seems that iRules should be able to accomplish this. Any direction or support on how to implement this would be greatly appreciated.

 

application delivery
BIG-IP Access Policy Manager (APM)
deployment
devops
iRules
LTM
security
virtualization
  • nitass_89166's avatar
    nitass_89166
    Nov 23, 2014

    e.g.

     configuration

[root@ve11a:Active:In Sync] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 3
}
[root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  switch -glob [HTTP::uri] {
    "/app1*" {
      HTTP::header replace Host "myserver1.com"
      node 200.200.200.101
    }
    "/app2*" {
      HTTP::header replace Host "myserver2.com"
      node 200.200.200.111
    }
    default {
       do something
    }
  }
}
}

 trace

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(36523) <-> 172.28.24.10(80)
1416753933.7140 (0.0017)  C>S
---------------------------------------------------------------
GET /app1/something HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: app.fdn.com

---------------------------------------------------------------

New TCP connection 2: 200.200.200.11(36523) <-> 200.200.200.101(80)
1416753933.7156 (0.0003)  C>S
---------------------------------------------------------------
GET /app1/something HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: myserver1.com

---------------------------------------------------------------

4 Replies

  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Nov 23, 2014

    e.g.

     configuration

[root@ve11a:Active:In Sync] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 3
}
[root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  switch -glob [HTTP::uri] {
    "/app1*" {
      HTTP::header replace Host "myserver1.com"
      node 200.200.200.101
    }
    "/app2*" {
      HTTP::header replace Host "myserver2.com"
      node 200.200.200.111
    }
    default {
       do something
    }
  }
}
}

 trace

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(36523) <-> 172.28.24.10(80)
1416753933.7140 (0.0017)  C>S
---------------------------------------------------------------
GET /app1/something HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: app.fdn.com

---------------------------------------------------------------

New TCP connection 2: 200.200.200.11(36523) <-> 200.200.200.101(80)
1416753933.7156 (0.0003)  C>S
---------------------------------------------------------------
GET /app1/something HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: myserver1.com

---------------------------------------------------------------
    • nitass_89166's avatar
      nitass_89166
      Icon for Noctilucent rankNoctilucent
      Nov 23, 2014
      if server host name (e.g. myserver1.com) is embedded in response, you also have to rewrite it (e.g. irule, stream profile).
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Nov 23, 2014

    e.g.

     configuration

[root@ve11a:Active:In Sync] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 3
}
[root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  switch -glob [HTTP::uri] {
    "/app1*" {
      HTTP::header replace Host "myserver1.com"
      node 200.200.200.101
    }
    "/app2*" {
      HTTP::header replace Host "myserver2.com"
      node 200.200.200.111
    }
    default {
       do something
    }
  }
}
}

 trace

[root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.24.1(36523) <-> 172.28.24.10(80)
1416753933.7140 (0.0017)  C>S
---------------------------------------------------------------
GET /app1/something HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: app.fdn.com

---------------------------------------------------------------

New TCP connection 2: 200.200.200.11(36523) <-> 200.200.200.101(80)
1416753933.7156 (0.0003)  C>S
---------------------------------------------------------------
GET /app1/something HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: myserver1.com

---------------------------------------------------------------
    • nitass's avatar
      nitass
      Icon for Employee rankEmployee
      Nov 23, 2014
      if server host name (e.g. myserver1.com) is embedded in response, you also have to rewrite it (e.g. irule, stream profile).