Forum Discussion
Rewrite rule forward to specific domain and port
Hello Guys/Gals -- I'm new to iRules and am trying to figure out a re-write scenario. I'm trying to change a current rule that does a redirect, and change it to a rewrite. The current rule is like this; it works, but of course the browser URL gets updated and we want to keep the destination from displaying.
===================================================================================================

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] starts_with "abc-news.east.foo.com" } {
            HTTP::redirect "https://server.nbc-news.west.foo.com:7012/Portal/index.html"
        }
    }

===================================================================================================
I attempted the following re-writes but the browser hangs. I'm trying to forward to a specific domain and server that is listening on a specific port.

    when HTTP_REQUEST {
        if { ([HTTP::host] eq "abc-news.east.foo.com") && ([HTTP::uri] eq "" } {
            HTTP::header replace "Host" "https://server.nbc-news.west.foo.com:7012"
            HTTP::uri "/Portal/index.html"
        }
    }

================================================================================

    when HTTP_REQUEST {
        if { ([HTTP::host] eq "abc-news.east.foo.com")} {
            HTTP::header replace "Host" "https://server.nbc-news.west.foo.com:7012"} {
            HTTP::uri "/Portal/index.html"
        }
    }

Wondering if I might need to use a pool member to redirect, so I created a pool that has its service port going to 7012. It appears to be listening OK as it's green. So my question is how can I rewrite to go to that pool, or am I going about this the wrong way? I'm not finding much about rewrite using a port.
Thanks
T
- What_Lies_Bene1
Cirrostratus
I don't think you need to do anything with the URI and the host doesn't need the https:// in it. I don't think you need the 7012 in the header either. Your pool members can be listening on any port you want as long as you configure LTM appropriately.
- Kevin_Stewart
Employee
You shouldn't need to specify the port unless the application requires it. It's rare but some do. So instead of redirecting on host, you want to silently modify the host header for ingress traffic. You'll definitely need a pool with port 7012 members and modify the host header on every request. The URI change from "/" to "/Portal/index.html" should probably be a redirect though - unless you want to be in the business of managing every possible URI (the work of a rewrite proxy).

    when HTTP_REQUEST {
        if { [HTTP::uri] equals "/" } {
            HTTP::redirect "/Portal/index.html"
        } else {
            HTTP::header replace Host "server.nbc-news.west.foo.com"
        }
    }

- tvotta_94824
Nimbostratus
thx--tried removing the https:// but still not working.
- nitass
Employee
i assume foo is pool of server.nbc-news.west.foo.com and it is running http on port 7012.

    [root@ve10:Active] config b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:443
       ip protocol 6
       rules myrule
       profiles {
          clientssl {
             clientside
          }
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config b pool foo list
    pool foo {
       members 200.200.200.101:7012 {}
    }
    [root@ve10:Active] config b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
          if {[HTTP::uri] equals "/"} {
             HTTP::uri "/Portal/index.html"
          }
          HTTP::header replace Host "server.nbc-news.west.foo.com:7012"
       }
    }
    [root@ve10:Active] config ssldump -Aed -nni 0.0 port 443 or port 7012 -k /config/ssl/ssl.key/default.key
    New TCP connection 1: 172.28.19.251(44761) <-> 172.28.19.79(443)
    1 1 1349110332.3796 (0.0101) C>S SSLv2 compatible client hello
    1 2 1349110332.3797 (0.0000) S>CV3.1(81) Handshake
    1 3 1349110332.3797 (0.0000) S>CV3.1(953) Handshake
    1 4 1349110332.3797 (0.0000) S>CV3.1(4) Handshake
    1 5 1349110332.3817 (0.0020) C>SV3.1(262) Handshake
    1 6 1349110332.3817 (0.0000) C>SV3.1(1) ChangeCipherSpec
    1 7 1349110332.3817 (0.0000) C>SV3.1(36) Handshake
    1 8 1349110332.3970 (0.0152) S>CV3.1(1) ChangeCipherSpec
    1 9 1349110332.3970 (0.0000) S>CV3.1(36) Handshake
    1 10 1349110332.3986 (0.0015) C>SV3.1(184) application_data
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Accept: */*
    Host: abc-news.east.foo.com
    ---------------------------------------------------------------
    New TCP connection 2: 200.200.200.10(44761) <-> 200.200.200.101(7012)
    1349110332.4007 (0.0009) C>S
    ---------------------------------------------------------------
    HEAD /Portal/index.html HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Accept: */*
    Host: server.nbc-news.west.foo.com:7012
    ---------------------------------------------------------------

- What_Lies_Bene1
Cirrostratus
Note, as shown in the examples by tvotta and nitass you should remove the quotes around Host. Also, please check there is a space before and after each } or {. You also need to remove the ( and ).
- tvotta_94824
Nimbostratus
Thx- -
To reach this app the port is needed as there are other apps on the same box. Pretty sure the port needs to be specified at some place.
I attempted your suggestion as it did make sense to me but am not getting there.
Not sure if I am explaining correctly.
The destination is a server running an app on a specific port. I'm trying to rewrite to that destination.
https://server.nbc-news.west.foo.com:7012/Portal/index.html
Is there a method to use irules to forward to a pool where I have the member set up at the service port I need?
thx
- What_Lies_Bene1
Cirrostratus
It doesn't matter what port the server is listening on, LTM is acting as a proxy so your Virtual Server can be on port 443 and your pool member listening on 7012 and it all just works; the client connection is terminated on 443 and a new connection is created from the F5 to the pool member on 7012. No need to use an iRule to change the port, it's automatic. You could have six pool members all listening on different Service Ports and it wouldn't matter, it would work.
- nitass
Employee
https://server.nbc-news.west.foo.com:7012/Portal/index.html
is this also virtual server on bigip? if so, would you mind posting virtual server and pool configuration?
- tvotta_94824
Nimbostratus
nitass - -
- nitass
Employee
sorry to confuse. can you post these command output?
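
Pulling the replies above together, as an added example that is not from any poster in the thread: an iRule that keeps the public hostname in the browser by redirecting only `/` with a relative URL, rewriting the Host header toward the pool, and mapping backend `Location` headers back to the public name so the internal server name and port are not disclosed in redirects. The pool name `foo` follows nitass's configuration; that the backend emits absolute redirects, and the variable names used, are assumptions.

```tcl
# Added example, not code from the thread.
# Assumes: virtual server on :443 with clientssl and http profiles, and a
# pool named "foo" whose member listens on :7012 (as in nitass's listing).
when HTTP_REQUEST {
    # Compare the host case-insensitively and without any ":port" suffix.
    set public_host [string tolower [getfield [HTTP::host] ":" 1]]
    if { $public_host ne "abc-news.east.foo.com" } {
        return
    }

    if { [HTTP::uri] equals "/" } {
        # Relative redirect: the browser stays on the public hostname and
        # only the path changes, so no other URI has to be managed here.
        HTTP::redirect "/Portal/index.html"
        return
    }

    # Host header carries a name (and optional port), never a scheme.
    HTTP::header replace Host "server.nbc-news.west.foo.com:7012"

    # The pool member's service port (7012) decides where LTM connects;
    # the iRule does not need to change the port itself.
    pool foo
}

when HTTP_RESPONSE {
    # Assumption: the application may answer with absolute redirects that
    # name the backend. Map them back so the internal name is not exposed.
    if { [HTTP::header exists Location] } {
        set loc [HTTP::header value Location]
        set fixed [string map -nocase [list \
            "https://server.nbc-news.west.foo.com:7012" "https://abc-news.east.foo.com" \
            "http://server.nbc-news.west.foo.com:7012" "https://abc-news.east.foo.com"] $loc]
        if { $fixed ne $loc } {
            HTTP::header replace Location $fixed
        }
    }
}
```

Absolute links inside response bodies are not covered by this rule; that is the rewrite-proxy work Kevin_Stewart refers to.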