Forum Discussion
JimT
Nimbostratus
Jan 13, 2018
Rewrite and forward to specific pool
Hi,
I have a question about rewrite and forward to specific pool based on URL accessed.
Setup:
One HTTPS VS, called VS1 with client SSL profile using certificate for .
Two pools, ...
nitass_89166
Noctilucent
Jan 14, 2018
Here is a local traffic policy (cpm) sample. By the way, I did not use a rewrite profile.
// config
```
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:443
    ip-protocol tcp
    mask 255.255.255.255
    policies {
        testpolicy1 { }
    }
    profiles {
        clientssl {
            context clientside
        }
        http { }
        serverssl-insecure-compatible {
            context serverside
        }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 19
}
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool
ltm pool pool1 {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
ltm pool pool2 {
    members {
        200.200.200.111:8443 {
            address 200.200.200.111
        }
    }
}
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm policy testpolicy1
ltm policy testpolicy1 {
    controls { forwarding server-ssl }
    last-modified 2018-01-14:12:24:45
    requires { http }
    rules {
        testsite1 {
            actions {
                0 {
                    server-ssl
                    disable
                }
                1 {
                    http-uri
                    replace
                    value /site1
                }
                2 {
                    http-host
                    replace
                    value internal.abc.com
                }
                3 {
                    forward
                    select
                    pool pool1
                }
            }
            conditions {
                0 {
                    http-uri
                    values { / }
                }
            }
        }
        testsite2 {
            actions {
                0 {
                    http-host
                    replace
                    value internal.abc.com:8443
                }
                1 {
                    http-uri
                    replace
                    value "tcl:[string map {/test/ /site2/} [HTTP::uri]]"
                }
                2 {
                    forward
                    select
                    pool pool2
                }
            }
            conditions {
                0 {
                    http-uri
                    starts-with
                    values { /test/ }
                }
            }
            ordinal 1
        }
    }
    status published
    strategy first-match
}
```
// test1
```
[root@ve13a:Active:In Sync] config ssldump -Aed -nni 0.0 port 80 or port 443 -k /config/ssl/ssl.key/default.key
New TCP connection 2: 172.28.24.1(33842) <-> 172.28.24.10(443)
...snipped...
2 10 1515904001.6202 (0.0006) C>SV3.3(128) application_data
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: www.abc.com
---------------------------------------------------------------
New TCP connection 3: 200.200.200.14(3637) <-> 200.200.200.101(80)
1515904001.6211 (0.0005) C>S
---------------------------------------------------------------
HEAD /site1 HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: internal.abc.com
---------------------------------------------------------------
```
// test2
```
[root@ve13a:Active:In Sync] config ssldump -Aed -nnr /var/tmp/cpm2.cap -k /config/ssl/ssl.key/default.key
New TCP connection 2: 172.28.24.1(33844) <-> 172.28.24.10(443)
...snipped...
2 10 1515904108.0480 (0.0008) C>SV3.3(128) application_data
---------------------------------------------------------------
HEAD /test/hello HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: www.abc.com
---------------------------------------------------------------
[root@ve13a:Active:In Sync] config ssldump -Aed -nnr /var/tmp/cpm2.cap -k /var/tmp/localhost.key
New TCP connection 3: 200.200.200.14(43617) <-> 200.200.200.111(8443)
...snipped...
3 10 1515904108.0549 (0.0004) C>SV3.1(128) application_data
---------------------------------------------------------------
HEAD /site2/hello HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*
Host: internal.abc.com:8443
---------------------------------------------------------------
```
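An offline model of testpolicy1 from the post above, added here as an example (not part of nitass's post and not F5 code): it reports which rule a request URI hits and what is forwarded, including cases the two traces do not cover. The function and type names are hypothetical; it assumes a condition with no operator listed is an exact match on the full URI, and it does not model case handling.

```python
# Model of testpolicy1 (strategy first-match) for offline checks.
# Added example, not F5 code. Assumption: "http-uri values { / }" with no
# operator listed is an exact match on the full URI (path plus query).
from typing import NamedTuple, Optional


class Forwarded(NamedTuple):  # hypothetical result type
    rule: str
    pool: str
    server_ssl: bool
    host: str
    uri: str


def apply_testpolicy1(uri: str) -> Optional[Forwarded]:
    """Return what the policy sends to the pool, or None if no rule matches.

    None means neither rule fired; the listing for virtual "bar" shows no
    default pool, so such a request has nowhere to be forwarded.
    """
    # Rule testsite1: URI equals "/", server-side SSL disabled, pool1.
    if uri == "/":
        return Forwarded("testsite1", "pool1", False, "internal.abc.com", "/site1")
    # Rule testsite2: URI starts with "/test/", pool2 with server-side SSL.
    if uri.startswith("/test/"):
        # Tcl "string map" rewrites every occurrence of /test/, not only the
        # prefix, and HTTP::uri includes the query string.
        new_uri = uri.replace("/test/", "/site2/")
        return Forwarded("testsite2", "pool2", True, "internal.abc.com:8443", new_uri)
    return None


# Constructed sample URIs: the two from the ssldump traces plus edge cases.
SAMPLES = ["/", "/test/hello", "/test", "/?a=1", "/test/a?next=/test/b"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u!r:26} -> {apply_testpolicy1(u)}")
```

The last sample shows the query string being rewritten as well, which matters if the backend treats a value such as `next` as a redirect target or a path.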
JimT
Nimbostratus
Jan 14, 2018
Thanks a lot nitass. I will try both of your answers.