F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

pedinopa_170325's avatar
pedinopa_170325
Icon for Nimbostratus rankNimbostratus
Apr 13, 2017

reverse proxy

I am setting up a reverse proxy. I am converting the code from an open source WAF (which currently works). Using the F5 configuration utility I have built my rewrite profile (with several URL trans...
application delivery
LTM
Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous
Apr 13, 2017

Ok well it seems you don't quite understand the guide. Let me summarise for you.

 

Rewrite profile = URI Translation

 

HTML profile = Tag Removal (optional)

 

Local Traffic Policy (LTP) = pool selection

 

 

The URI translation modifies the data however it does not choose a destination for you. The load balancing method on your pool does that. But in this case we want to override that with LTP. You can instruct LTP to select an individual pool member but multiple pools is a better approach. Separate your servers into pools, use LTP to select the pool you need based on the URI.

 

So why does it work this way? The rewrite engine is designed to reformat data and that's it. LTP on the other hand is designed to to a whole lot of things including choosing a destination based on that data. Pools are better because if you decide to add another server to support capacity then you just add one more to the relevant pool. Also persistence methods such as cookie persistence are often linked to the pool. In the case you want persistence to work across pools as you might here, their is a tick box for it.

 

Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous
Apr 14, 2017

No default pool is fine just use the LTP policy to add an extra rule at the bottom to catch anything that does not match and log it.

You will need a clientssl and serverssl profile if your nodes are SSL

The HTTP host is what the client is requesting. They don't see the backend at all. From the client's perspective the F5 is the server. From the server perspective the F5 is the client. They don't know about each other at all.

Because I don't have enough data I need to make a few assumptions. Are you routing using URI or host ? If host then separate your servers into pools based on hostname so if two server look after the same hostname they should be in the same pool. If URI then separate your servers into pools of servers who look after the same URI match.

Then for host matching your LTP would look like...

Rule 1. HTTP host equals app1.mydomain.com forward to pool app1-pool
Rule 2. HTTP host equals app2.mydomain.com forward to pool app2-pool
Rule 3. HTTP host equals app3.mydomain.com forward to pool app3-pool

or for URI matching it would look like...

Rule 1. HTTP path starts_with /site1 forward to pool app1-pool
Rule 2. HTTP path starts_with /site2 forward to pool app2-pool
Rule 3. HTTP path starts_with /site3 forward to pool app3-pool

You should have a catch all rule at the end to pickup anything that's not matching

Rule 4. Match any traffic, Log tcl:UNMATCHED URI [HTTP::uri]

Then when you are testing you can goto System, Logs, Local Traffic and search for UNMATCHED to see if any traffic is not matching your rules.