Forum Discussion

Piotr_Lewandows's avatar
Piotr_Lewandows
Icon for Altostratus rankAltostratus
Nov 14, 2017

Rewrite profile - any better way?

Hi,

 

I wonder is there is any simpler way to achieve something described below:

 

Scenario:

 

  • Single VS - IP mapped to few external FQDNs
  • Each external FQDN maps to virtual host on the same backend server (so traffic accepted only if there is Host header match in request send from BIG-IP to backend)
  • There is possibility that some links returned from backend (in content) are not relative and can use backend srv FQDN.

Setup:

 

Local Traffic Policy forwarding traffic to appropriate pool based on host header in request from client - sure it could be one pool but because FQDN nodes has to be used I guess separate pools are needed - or not?

 

Then Rewrite profile with URI rules for each ext FQDN to int FQDN with Rewrite Header, Rewrite content set, like * -> * -> * -> * and so on

 

When redirect from http to https (send from backend) is needed then another Rewrite profile is necessary for HTTPS VS: * -> * -> * -> * and so on

 

It is working OK but requires plenty of objects to be configured, everything has to be entered by hand, in few places and cause a lot of work and possibility to make mistake :-(

 

Is there any other way (simpler, less error prone) to achieve the same goal?

 

Piotr

 

  • Is there any other way (simpler, less error prone) to achieve the same goal?

     

    No, not really. Prior to the rewrite profile, you would have needed to use a datagroup and either an iRule or Traffic Policy to accomplish the same goal, which I think many would find to be more difficult than the setup you've described.

     

  • Is there any other way (simpler, less error prone) to achieve the same goal?

     

    of course there is! this will also optimize F5 and servers performances:

     

    CONFIGURE INTERNAL SERVER TO ACCEPT EXTERNAL HOSTNAME AND TO RESPOND WITH RELATIVE URI
  • Hi,

     

    Assuming that using Rewrite profile is only option (even if worst one) how to solve missing trailing / issue?

     

    If URI Rule is like that:

     

    and user will send request without trailing /, like /old

     

    URI rule will not catch such request.

     

    Some web servers (for sure my IIS) is sending back redirect when receiving such request (but I doubt it's standard behavior for all types of web servers?) so client will be redirected to /old/ and then URI rule fires.

     

    But it's not perfect - if backend server will not send redirect then everything breaks up. Even if it will send then it is not best situation as /old request are still reaching backend.

     

    I am right now using iRule I found on DevCentral to fix such requests at VS level, because iRule is executed before Rewrite profile it seems to be working solution.

     

    But maybe it's not a right approach, maybe I am missing something important that could break backend server functionality somehow?

     

    Piotr

     

    • ishhyd82's avatar
      ishhyd82
      Icon for Nimbostratus rankNimbostratus

      Hi Piotr,

      Can you share the irule if possible

       

      Regards