Forum Discussion

Piotr_Lewandows's avatar
Piotr_Lewandows
Icon for Altostratus rankAltostratus
Nov 14, 2017

Rewrite profile - any better way?

Hi,

 

I wonder is there is any simpler way to achieve something described below:

 

Scenario:

 

  • Single VS - IP mapped to few external FQDNs
  • Each external FQDN maps to virtual host on the same backend server (so traffic accepted only if there is Host header match in request send from BIG-IP to backend)
  • There is possibility that some links returned from backend (in content) are not relative and can use backend srv FQDN.

Setup:

 

Local Traffic Policy forwarding traffic to appropriate pool based on host header in request from client - sure it could be one pool but because FQDN nodes has to be used I guess separate pools are needed - or not?

 

Then Rewrite profile with URI rules for each ext FQDN to int FQDN with Rewrite Header, Rewrite content set, like * -> * -> * -> * and so on

 

When redirect from http to https (send from backend) is needed then another Rewrite profile is necessary for HTTPS VS: * -> * -> * -> * and so on

 

It is working OK but requires plenty of objects to be configured, everything has to be entered by hand, in few places and cause a lot of work and possibility to make mistake :-(

 

Is there any other way (simpler, less error prone) to achieve the same goal?

 

Piotr

 

devops
http to https
local traffic policy
LTM
rewrite profile
  • rob_carr's avatar
    rob_carr
    Icon for Cirrocumulus rankCirrocumulus
    Nov 15, 2017

    Is there any other way (simpler, less error prone) to achieve the same goal?

     

    No, not really. Prior to the rewrite profile, you would have needed to use a datagroup and either an iRule or Traffic Policy to accomplish the same goal, which I think many would find to be more difficult than the setup you've described.

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Nov 15, 2017

    Is there any other way (simpler, less error prone) to achieve the same goal?

     

    of course there is! this will also optimize F5 and servers performances:

     

    CONFIGURE INTERNAL SERVER TO ACCEPT EXTERNAL HOSTNAME AND TO RESPOND WITH RELATIVE URI
  • dragonflymr's avatar
    dragonflymr
    Icon for Cirrostratus rankCirrostratus
    Nov 16, 2017

    Hi,

     

    Assuming that using Rewrite profile is only option (even if worst one) how to solve missing trailing / issue?

     

    If URI Rule is like that:

     

    and user will send request without trailing /, like /old

     

    URI rule will not catch such request.

     

    Some web servers (for sure my IIS) is sending back redirect when receiving such request (but I doubt it's standard behavior for all types of web servers?) so client will be redirected to /old/ and then URI rule fires.

     

    But it's not perfect - if backend server will not send redirect then everything breaks up. Even if it will send then it is not best situation as /old request are still reaching backend.

     

    I am right now using iRule I found on DevCentral to fix such requests at VS level, because iRule is executed before Rewrite profile it seems to be working solution.

     

    But maybe it's not a right approach, maybe I am missing something important that could break backend server functionality somehow?

     

    Piotr

     

    • ishhyd82's avatar
      ishhyd82
      Icon for Nimbostratus rankNimbostratus
      Jun 08, 2022

      Hi Piotr,

      Can you share the irule if possible

       

      Regards