Forum Discussion
Rewriting the host and port in the request and response to the server
Hey guys.
I'm trying to perform the host and port rewrite but it still doesn't work.
BIG-IP 16.1.2.2 Build 0.0.28 Point Release 2
The scenario is:
Two pairs of App1 and App2 servers. App1 Service Provider and App2 Identity Provider.
Outside users must access via IP. The internal network users by name.
The application does not allow the exchange to configure access by IP and FQDN at the same time.
When accessing App1, the user is redirected to App2, after authentication and redirected to App1.
In summary, I would like that in all communication between the user and the servers the FQDN:PORTA is replaced by IP:PORTA.
I'm using iRules for this, but without success. I create one rule per block.
PAM_REQUEST_FQDN_to_IP
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "app1.dnf.local:443" } {
set uri [string map -nocase {"app1.dnf.local:8282" "10.20.110.6"} [HTTP::uri]]
HTTP::uri $uri
}
}
MFA_REQUEST_FQDN_to_IP
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "app2.dnf.local:443" } {
set uri [string map -nocase {"app2.dnf.local:9251" "10.20.110.7"} [HTTP::uri]]
HTTP::uri $uri
}
}
PAM_RESPONSE_FQDN_to_IP
when HTTP_RESPONSE {
if { [HTTP::uri] starts_with "app1.dnf.local:443" } {
set uri [string map -nocase {"app1.dnf.local:8282" "10.20.110.6"} [HTTP::uri]]
HTTP::uri $uri
}
}
MFA_RESPONSE_FQDN_to_IP
when HTTP_RESPONSE {
if { [HTTP::uri] starts_with "app2.dnf.local:443" } {
set uri [string map -nocase {"app2.dnf.local:9251" "10.20.110.7"} [HTTP::uri]]
HTTP::uri $uri
}
}
Thanks a lot for the help
- Ahmed_Galal
Cirrostratus
no need to change the port if it is the default port for backend pool members but if not you can create a new pool with this port and configure LTM policy with condition that request URL to map traffic to new pool and rewreite the URI. its way easire to use LTM policy.
in response i this that it rewrite the URI in case of redirect traffic only but am not sure.
- Kleyton
Nimbostratus
Hello Ahmed
Sorry for along delay. I tried via Irule but nothing. So that I tried via STREAM but nothing also.
I will procced by other approach.
Thanks a lot for your help.- Leslie_HubertusRet. Employee
Good luck! Can you tell us what ended up working for you once you've solved the issue?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com