hi, i searched here in this forum a long time for a irule that satisfy my needs but i didn`t get this things started. I want to rewrite (not redirect!) URIs as follows: http://server1.company.de -> http://server10.company.de:port http://server1.company.de/directory1 -> http://server11.company.de http://server1.company.de/directory2 -> http://server12.company.de/directory Is there anybody who can give me an example of a irule whch will rewrite this URIs? Thanks! Regards, Steffen

Kirk added a very complete ProxyPass codeshare rule (Click here) which should allow you to do this. Else, if that's more than what you're looking for, you could use 'HTTP::header replace Host newhost' to rewrite the Host header and HTTP::uri to set the URI before the request is sent to the pool. You may also need to rewrite response content (with a stream profile) and response headers (with HTTP::header replace) to make the change transparent to clients. Take a look at the proxypass rule and the wiki pages for the various commands and reply with any questions. Aaron

Posted By hoolio on 08/21/2007 3:21 AM Else, if that's more than what you're looking for, you could use 'HTTP::header replace Host newhost' to rewrite the Host header and HTTP::uri to set the URI before the request is sent to the pool. You may also need to rewrite response content (with a stream profile) and response headers (with HTTP::header replace) to make the change transparent to clients. Take a look at the proxypass rule and the wiki pages for the various commands and reply with any questions. Aaron Thanks. I`ve found Kirks solution before but i think its too complex. I`ve made the following irule but in my client`s browser i get an error: "" Not Found The requested URL /directory1 was not found on this server. "" my irule: "" when HTTP_REQUEST { if { [HTTP::uri] contains "directory1"} { HTTP::header replace Host server11 } } "" In addition how do i edit the response content? Regards, Steffen

You can use a stream profile to modify the response content. Do consider using my ProxyPass iRule and saving yourself a lot of time -- that iRule has been thoroughly tested and you need not modify the rule itself, just create and manage a data group to go along with it.

And the error you are getting is because you changed the host header but did not modify the request URI to remove the "directory1" portion. Also be aware that you have to reverse this whole process if the server sends redirects which are very common. For example, if you got the URI http://server1.company.de/directory2/ to successfully map to http://server12.company.de/directory/ try going to the same URI without the trailing slash. The server will send the browser a redirect to http://server12.company.de/directory/ which you then have to modify back to http://server1.company.de/directory2/ in the headers on the way back to the client.

hi kirk, i`ve used your irule, but i got the following errors: line 13: [wrong args] [virtual] line 22: [wrong args] [virtual] line 50: [wrong args] [virtual] line 74: [wrong args] [virtual] line 85: [wrong args] [virtual] line 90: [wrong args] [virtual] line 99: [wrong args] [virtual] line 129: [wrong args] [virtual] Do i have to replace "[virtual]" ? Regards, Steffen

Rewrite URL | DevCentral

19 Replies

Steffen_Lenz_29
Nimbostratus
Aug 22, 2007
Posted By kirkbauer on 08/21/2007 7:15 AM

You must at least have a "/" after the hostname in each item in each entry. So in your case the data group record would be:

testf5web.fiz-karlsruhe.de/netmon/ netmon.fiz-karlsruhe.de/

hi Kirk,

i changed my data group record. Now i get "https://testf5web.fiz-karlsruhe.de/netmon//" when opening "https://testf5web.fiz-karlsruhe.de/netmon/".

"https://testf5web.fiz-karlsruhe.de/netmon//" shows the content of the webserver which is defined in the Pool of the Virtual Server.

I´ve also added "netmon.fiz-karlsruhe.de" as a member of the pool of the Virtual Server but this didn`t improved the situation.

Any Ideas?

Regards,

Steffen
Kirk_Bauer_1018
Altostratus
Aug 22, 2007
I can't read my own instructions I put right in that post. The proper entry is:

testf5web.fiz-karlsruhe.de/netmon netmon.fiz-karlsruhe.de/

(never end the left-hand entry with a / unless there is no path at all, same rule for the right except always end the right with a slash if the left ends with a slash)
Steffen_Lenz_29
Nimbostratus
Aug 23, 2007

hi Kirk,

thanks for your assistance but now i doubt about myself....

I changed the Data Group List Entry to

"testf5web.fiz-karlsruhe.de/netmon netmon.fiz-karlsruhe.de/".

Accessing "http://testf5web.fiz-karlsruhe.de/netmon" i get

"404 Not Found - Not Found The requested URL /netmon was not found on this server"

Accessing "https://testf5web.fiz-karlsruhe.de/netmon" i still get the content of the webserver which is defined in the Pool of the Virtual Server.

This couldn`t be so difficult?!

Regards,

Steffen
Kirk_Bauer_1018
Altostratus
Aug 23, 2007
So you must have two virtual servers -- one for HTTP and one for HTTPS. Is the iRule applied to both virtual servers? Once that is done you must have two data groups, one for each virtual server. You mentioned that you have ProxyPasstestf5web-ssl, you also would need one for the HTTP virtual server.

Next thing to mention is that the rules you are showing are not affecting which server to send the request to. The request will still go to the default pool on the virtual server. All the ProxyPass rule is doing is changing the Host header and/or the request URI. If you want to send matching requests to an alternate pool then you need to use the optional 3rd item in the line in the data group:

testf5web.fiz-karlsruhe.de/netmon netmon.fiz-karlsruhe.de/ OtherPoolName

In this example any request coming in with a Host header equal to "testf5web.fiz-karlsruhe.de" and with a URI starting with "/netmon" will be sent to the pool OtherPoolName and have the "/netmon" stripped off the front of the URI and have the host header changed to be "netmon.fiz-karlsruhe.de". Likewise the rule will do the reverse on any redirects, etc. Any request not matching the left-hand item will not be touched by the rule and will not be modified and will go to the default pool.

I hope that helps!
Kirk_Bauer_1018
Altostratus
Aug 23, 2007
In the first case you were sending SSL-terminated (i.e. HTTPS->HTTP) traffic to an SSL port (443) on your servers. You either need to change the server to accept HTTP traffic on port 80 since the BIG-IP is already handling the SSL, or in the virtual server you need to assign a server SSL profile (just use the default one) so that the BIG-IP will re-encrypt the traffic to SSL on the back-side.

For your first question, if you view the source of the page, are the images referenced as http://autodoc.fiz-karlsuhe.de/img/image.jpg? In other words is the full path specified as opposed to just "/img/image.jpg" or just "image.jpg"? If so, you will need to apply the default stream profile to a virtual server and uncomment the lines near the end of the iRule to allow it to try and modify the actual page contents. This may or may not work (depending on your page) but it is worth a shot.

For your second question this is the exact behavior you have configured. The whole point of the ProxyPass iRule is to allow the clients to hit an external URL (testf5web.fiz-karlsruhe.de/autodoc) and, without being redirected and without ever seeing the name of the inside host, visit the internal site autodoc.fiz-karlsruhe.de/. You have to decide what you want the browser to show in the URL bar. If you want the browser to show autodoc.fiz-karlsruhe.de/ (and your users can access that by going to http://autodoc.fiz-karlsruhe.de/) then you don't want ProxyPass at all, instead you want to do a simple HTTP Redirect iRule that will redirect http://testf5web.fiz-karlsruhe.de/autodoc/ to http://autodoc.fiz-karlsruhe.de/. A redirect tells the browser "Hey, go to a different URL, here it is". While ProxyPass doesn't say a word to the browser -- it gives the browser the illusion that they are viewing the /autodoc/ subdirectory on your site while on the back-side they are really talking to a different server.
neal_kurtz_6624
Nimbostratus
Aug 24, 2007
Sorry to hound in on the thread. But I want to thank you Kirk for going and creating this iRule. But I am getting an error output when running the iRule and am not able to intreprit it. Can you please help. This is what I get..

Aug 24 15:01:02 tmm tmm[721]: 01220001:3: TCL error: Rule ProxyPass - list element in braces followed by "" instead of space while executing "foreach entry [set [set clname]] { if {"$orig_host$orig_uri" starts_with [getfield $entry " " 1]} { set new_len [string ..."

Sorry to mention I am running version 9.1.1

Thanks very much.

Neal
Kirk_Bauer_1018
Altostratus
Aug 24, 2007
I'm not sure what the version requirements are for my iRule, but it very well may be 9.2.X+. I don't really have an easy way to try it out on older code at this time. I would highly encourage upgrading to 9.3.0 as there have been quite a number of bug fixes, etc, since 9.1.1.
neal_kurtz_6624
Nimbostratus
Sep 21, 2007
Kirk,

Updating this topic to say I updated my BigIP's and things are no longer erroring. Yahoo. But I have run into an additional issue that my application server is returning a re-direct from https to http. My application is somehow recognizing that the client is coming from a https and not from http and wanting to redirect the session back to http. Is there something I'm missing?

thanks

Neal
neal_kurtz_6624
Nimbostratus
Sep 21, 2007
Kirk, I did finally get the BigIP's updated to 9.3. Which removed the error that I stated before when running the proxypass. But this has brought one other issue that I can't seem to get around. My application is somehow verifying what URL the client came from and has figured out that the client used a https in the URL and wants to redirect it back to an http session. We have been able to test that the webserver (websphere) is okay with the session but the application is what is some how looking into the session to see the https that the client came from.

thanks for your input.

Neal

Forum Discussion

Rewrite URL

19 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

URL rewrite

URL Rewrite

URL Rewrite/ProxyPass Functionality

Thinking Outside the Box: Rewriting Web Pages with F5 Distributed Cloud (XC)

URL rewrite through iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS