Forum Discussion
NimbostratusRewrite URL
Hello guys,
We have a very basic VS configured on our BIGIP which recognize a URL the HTTP request comes from and redirects the requests to the appropriate Pool members. The VS also does the SSL offload so wildcard certificate applied to SSL Profile (Client) - connection to the F5 comes on port 443 and then from F5 to the back end server on port 80.
Everything is done by a simple policy:
Strategy:best-mach Requires:http Controls:forwarding
Condition: http-host host equals x.domainname.com Action: forward select pool/Common/x_domain-pool-80
Condition: http-host host equals y.domainname.com Action: forward select pool/Common/y_domain-pool-80
Condition: http-host host equals z.domainname.com Action: forward select pool/Common/z_domain-pool-80
... and so on...
That works perfectly fine.
Now the new request came in to do something similar but the URL has some customizes URI in this example...
The new Web service can be access only via
The requirement is to hide the original URL behind something more user friendly - a_domainname.com.
Ideal would be to use the same Policy and the same VS (to save IP address and have everything in one place). I'm not sure if it can be achieved by Policy so maybe iRule would be a good solution?
I have managed to create a new Rule under my Policy which does the URI redirection but for some reason the SSL offload isn't working and the user not-friendly URL is visible for the end user:
Condition: http-host host equals a.domainname.com Action: http-reply redirect location:
Is there a good way of doing it?
38 Replies
Domel_163525I believe this is known as URL masking but not too sure how to accomplish this using Policy/iRule. I have tried to search for it but everybody has a different scenario which doesn't match my setup.
Brad_ParkerCirrus
I believe what you are looking for is a re-write, not a redirect. Something like:
Condition: http-host host equals a.domainname.com Action:http-uri request replace value: https://newwebservice/Custom/UriUpdated for pool selection and query string preservation:
ltm policy DV { controls { forwarding } requires { http } rules { WebService { actions { 0 { http-uri replace query-string "tcl:[URI::query [HTTP::uri]]" value https://newwebservice/Custom/Uri } 1 { forward select pool newwebservice_pool } } conditions { 0 { http-host host values { a.domainname.com } } } ordinal 1 } } strategy first-match }
Stanislas_Piro2Cumulonimbus
Hi,
Brad, cannot be set as URI but /Custom/URI
this solution will rewrite only request and not answer, and every requests will be rewrite to /Custom/URI.
In irule, you must:
- use string map to replace / to /Custom/URI/ in requests
- use stream command to replace /Custom/URI/ to / in responses
You can create a rewrite profile (type translation).
In this rewrite, define:
- external URL : https://a.domainname.com/
- internal URL :
- Domel_163525
Thanks Guys!!!
So what is the answer will it work at all with re-write using the Policy or custom iRule has to be configured?
- Domel_163525So Brad I have tried your method unfortunately that didn't work... Do I need to add another action to the same rule to send request to a specified pool?
- Brad_ParkerDoes the site live on a different pool of servers than what is default to the virtual server?
- Brad_ParkerAlso, what kind of web service are you using, does it use query parameters?
- Stanislas_Piro2
Hi,
I read the article you provide and there is no information that full URL is rewritten but the Full URI
I tried the following policy:
ltm policy Pol_Pool1 { controls { forwarding } requires { http } rules { uri-replace { actions { 0 { forward select pool Pool-c-8080 } 1 { http-uri replace value https://newwebservice/Custom/Uri } } ordinal 1 } } strategy first-match }and the request sent to the server was:
GET https://newwebservice/Custom/Uri HTTP/1.1 Host: 192.168.155.110 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Connection: keep-aliveSo http-uri replace value rewrite only URI and not URL... the policy must be:
ltm policy Pol_Pool1 { controls { forwarding } requires { http } rules { uri-replace { actions { 0 { forward select pool Pool-c-8080 } 1 { http-uri replace value /Custom/Uri } 2 { http-host replace value newwebservice } } ordinal 1 } } strategy first-match }For the web service, I recommend to define one URI for it and add a condition like:
conditions { 0 { http-uri path values { /webservice.php } } } 
THiHave you looked at the good old ProxyPass -iRule? It can do pretty much of this and more.
- Domel_163525
Ok, so F5 support came back to me saying this can not be accomplished by the use of Policies.
They send me a link to this iRule:
https://devcentral.f5.com/codeshare?sid=646
Which apparently works but they have advised to use Profiles instead which is much simpler.
Anyone has configured it before??
Local Traffic --> Profiles --> Services --> Rewrite
- THiThat link is to the ProxyPass iRule ;o) Depending on the application, you may need to do rewrites in the response body, too (eg. links in the HTML page content), not only redirect responses. ProxyPass iRule can do both to some extent (uses default stream profile for the page content rewriting).
- Stanislas_Piro2Hi, I told you to create rewrite profile 4 days ago: You can create a rewrite profile (type translation). In this rewrite, define: external URL : https://a.domainname.com/ internal URL : http://newwebservice/Custom/Uri/
- Domel_163525Ok so I have created the rewrite profile called test as follow: Parent Profile: rewrite Rewrite Mode: URI Translation URI Rules: Rule Type: Both Client URI: / Server URI: https://newwebservice/Custom/Uri/ And that works but still can not see the images... It works in the same way as iRule and Policy. F5 support is currently investigating.... What am I missing here...??? It also works with: Client URI: / Server URI: /Custom/Uri/ But still no images... I have also tried: Client URI: http://a.domainname.com/ Server URI: https://newwebservice/Custom/Uri/ and again that work but no images...
- Domel_163525
Ok, so F5 support got to the bottom of this and it looks like the images are not loading because they are a different location...
So I will try to simplify this as much as I can:
So we have a server in our network which runs Focalpoint and it's accessible via this link directly:
This URL is case sensitive and has to be exact otherwise the web browser will return an error.
What we would like to do is to make the URL simpler for our users.
The ideal would be:
http://focalpoint.domainname.co.uk
We have tried to re-write client URI to server URI by using Policies, iRules, Profiles but no luck...
The only option which worked was to re-write:
to http://focalpoint.domainname.co.uk
and when typing the address in the web browser we have to manually add /servlet/Login to the URL.
So what users have to type is:
http://focalpoint.domainname.co.uk/servlet/Login
which is not very different from the original URL:
What I have been told by F5 is that actual images are based in "fp" folder not "servlet" folder.
But even if we move the images to the "servlet" folder users will still have to add the "/Login" bit to the URL.
My question to you Guys now is, is there any way of doing this or shall I give up on this?
- Stanislas_Piro2Hi, Is it really necessary to rewrite? Can you only configure a policy rule to redirect path "/" to "/fp/servlet/Login" the user default URL is http://focalpoint.domainname.co.uk/ which is redirected to the login URL.
- Domel_163525We could do redirect but the problem is that the end user will see the original URL which we would like to hide... I will try to re-write every single folder in my URL and see if that works at all.
- Domel_163525Stanislas do you mean rewrite and redirect in the same time? So rewrite: http://focalpoint.domainname.co.uk/ to http://focalpointsvr/fp/ then redirect to http://focalpoint.domainname.co.uk/servlet/Login Would that work?
- Stanislas_Piro2
Hi,
Rewrite profile was a feature in APM to hide all internal URL behind the SSL VPN portal... this feature is now named rewrite portal rewrite.
In version 11.4.0, a new rewrite profile mode appeared : rewrite URI translation which translate one external URL with one internal URL.... this feature is a TMOS feature (available in LTM, ASM, APM)
read the LTM and TMOS release note 11.4.0 :
Rewrite profileThe BIG-IP system now offers a URI translation feature called the Rewrite profile. Using this profile, you can create URI rules that define any URI scheme, host, port, and path modifications that you want the BIG-IP system to apply to HTTP requests and responses passing through the system. You can also create rules to translate information defined in the Set-Cookie header of a request or response.
