Forum Discussion
JimT
Nimbostratus
NimbostratusRewrite and forward to specific pool
Hi,
I have a question about rewrite and forward to specific pool based on URL accessed.
Setup:
One HTTPS VS, called VS1 with client SSL profile using certificate for .
Two pools, ...
nitass
Employee
Employeeirule sample
// config
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.24.10:443
ip-protocol tcp
mask 255.255.255.255
profiles {
clientssl {
context clientside
}
http { }
serverssl-insecure-compatible {
context serverside
}
tcp { }
}
rules {
qux
}
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
vs-index 19
}
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool
ltm pool pool1 {
members {
200.200.200.101:80 {
address 200.200.200.101
}
}
}
ltm pool pool2 {
members {
200.200.200.111:8443 {
address 200.200.200.111
}
}
}
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
when RULE_INIT {
set static::internalhost "internal.abc.com"
}
when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/" {
HTTP::uri "/site1"
SSL::disable serverside
pool pool1
}
"/test/*" {
HTTP::uri [string map {/test/ /site2/} [HTTP::uri]]
pool pool2
}
default {
do something
}
}
}
when HTTP_REQUEST_RELEASE {
HTTP::host "${static::internalhost}:[LB::server port]"
}
}
// test1
[root@ve13a:Active:In Sync] config ssldump -Aed -nni 0.0 port 80 or port 443 or port 8443 -k /config/ssl/ssl.key/default.key
New TCP connection 1: 172.28.24.1(33808) <-> 172.28.24.10(443)
...snipped...
1 10 1515902215.1724 (0.0035) C>SV3.3(128) application_data
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: www.abc.com
---------------------------------------------------------------
New TCP connection 2: 200.200.200.14(24713) <-> 200.200.200.101(80)
1515902215.1743 (0.0015) C>S
---------------------------------------------------------------
HEAD /site1 HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: internal.abc.com:80
---------------------------------------------------------------
// test2
[root@ve13a:Active:In Sync] config ssldump -Aed -nnr /var/tmp/test2.cap -k /config/ssl/ssl.key/default.key
New TCP connection 1: 172.28.24.1(33824) <-> 172.28.24.10(443)
...snipped...
1 10 1515902715.2350 (0.0007) C>SV3.3(128) application_data
---------------------------------------------------------------
HEAD /test/hello HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: www.abc.com
---------------------------------------------------------------
[root@ve13a:Active:In Sync] config ssldump -Aed -nnr /var/tmp/test2.cap -k /var/tmp/localhost.key
New TCP connection 2: 200.200.200.14(43637) <-> 200.200.200.111(8443)
...snipped...
2 10 1515902715.2410 (0.0006) C>SV3.1(128) application_data
---------------------------------------------------------------
HEAD /site2/hello HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: internal.abc.com:8443
---------------------------------------------------------------
