Forum Discussion
GavinW_29074
Sep 23, 2011Nimbostratus
Selective Proxying ala ProxyPass
Hi there,
We're currently evaluating migrating from our existing Apache web-farm to a F5 device, and our initial tinkering is throwing up some questions that I'd like to get some input on...
Initially, the question is around how we control which URI's can be hit...
Currently, Apache's ProxyPass allows us ultimate control around which bits of the application the user can hit.
To give you an example:
User A hits x.y.com.
This then redirects them to x.y.com/ApplicationA/login
As part of this application, they also require a set of image resources, which are hosted on x.y.com/ApplicationAResources
User B hits z.y.com
This currently redirects them to z.y.com/ApplicationB
This request doesn't need anything else, other than the above end-point.
Using ProxyPass rules, we can easily define the above... How would we achieve the same using iRules? Or is there a better way other than iRules?
Cheers
Gavin
- Brian_69413NimbostratusYou can easily catch incoming URI's and redirect to different ones, but I don't think you have to rely fully on the F5 for this, the Apache web server should be able to give default content based on a virtual host...that should cover most of your requirements, then you can just use a switch statement within an iRule to decide where to redirect traffic.
- GavinW_29074NimbostratusBrian
- Brian_69413NimbostratusAre the java servers running a webserver? or was the ProxyPass serving up the content?
- GavinW_29074NimbostratusBrian
- Brian_69413NimbostratusExample iRule to only allow certain paths:
when HTTP_REQUEST { if { ([HTTP::uri] eq "/allowed") }{ HTTP::redirect "New path" else { reject } }
- GavinW_29074NimbostratusBrian
when HTTP_REQUEST { if { [HTTP::path] eq "/" || [HTTP::path] eq "" } { HTTP::redirect "https://[HTTP::host]/ApplicationA/logon" } elseif { not [class match [HTTP::path] starts_with ApplicationA_AllowedURLs] }{ HTTP::redirect "https://[HTTP::host]/ApplicationA" } }
- Patrick_Chang_7Historic F5 AccountYou should actually use the Proxy_Pass_v10 iRule. It was written expressly for this purpose.
- GavinW_29074NimbostratusPatrick
- Patrick_Chang_7Historic F5 AccountThe Rule has been vetted and debugged. Cut and paste the Rule as is. In order to add/change entries, you only have to edit the data group, not the Rule.
- GavinW_29074NimbostratusOk...
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects