For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jokragly's avatar
jokragly
Icon for Nimbostratus rankNimbostratus
Sep 14, 2017

rewrite iRule issues Request & Response

I am having major issues with a rewrite iRule I am trying to get to work. I am running 11.5.3

 

I have an application that works internally with a horrible name and uri (not FQDN), and the application is dependent on that name and URI. The application does a redirect that they can not remove.

 

What I am trying to accomplish is the following. 1. rewrite http with https 2. allow the user to enter "newname.domain.com" but the server will see that as "horriblename:8088" 3. allow user to enter path of /newapp and the server will see "/site/app/default.aspx" 4. since the server response does a redirect it needs to happen both ways.

 

when HTTP_REQUEST { HTTP::host "horriblename:8088" }

 

that seems to partially work. When I go to newname.domain.com/site/app/default.aspx it gets me to the site but then the web server does the redirect and my URL changes to horriblename:8088/site/app/default.aspx

 

Below was my first stab at it but it didn't work

 

when HTTP_REQUEST { if { [HTTP::uri] equals "/newapp" } { In case the server complains, set the host header. HTTP::header replace Host "horriblename:8088" Finally change the URI while on its way to server. HTTP::uri /site/app/default.aspx } Disable the stream filter for all requests STREAM::disable } when HTTP_RESPONSE { Check if response type is text if {[HTTP::header value Content-Type] contains "text"}{ Replace http with https, horriblename:8088 with newname.domain.com, /site/app/default.aspx with newapp STREAM::expression [list {@http:\@https:\@} {@horriblename:8088@newname.domain.com@} {@/site/app/default.aspx@newapp@} ] Enable the stream filter for this response only STREAM::enable } }

 

iRules
LTM
security

2 Replies

  • Jad_Tabbara__J1's avatar
    Jad_Tabbara__J1
    Icon for Cirrostratus rankCirrostratus
    Sep 14, 2017

    Hi,

    Could you add the following and check /var/log/ltm to see if its matching correctly... 

        when HTTP_REQUEST {

 if { [HTTP::uri] equals "/newapp" } {

         Remove the "Accept-Encoding" header 
            HTTP::header remove "Accept-Encoding"

         In case the server complains, set the host header.        
            HTTP::header replace Host "horriblename:8088" 

         Finally change the URI while on its way to server. 
            HTTP::uri /site/app/default.aspx 
    } 

  Disable the stream filter for all requests 
 STREAM::disable 

 } 

 when HTTP_RESPONSE {

 Check if response type is text 
 if { [HTTP::header value Content-Type] contains "text" || [HTTP::header value Content-Type] contains "xml" } {

     Replace http with https, horriblename:8088 with newname.domain.com, /site/app/default.aspx with newapp 
    STREAM::expression [list {@http:\@https:\@} {@horriblename:8088@newname.domain.com@} { @/site/app/default.aspx@/newapp@} ] 

     Enable the stream filter for this response only 
    STREAM::enable 
 } 

}

when STREAM_MATCHED {
   Log each match found by the stream filter
  log local0. "Stream filter matched: [STREAM::match]"
}

    Waiting for your feedback

    Regards

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Sep 21, 2017

    Hi,

     

    Did you try with rewrite profile?

     

    This profile may solve most of rewrite needs without stream usage!