For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sean_Lagerholm_'s avatar
Sean_Lagerholm_
Icon for Nimbostratus rankNimbostratus
Jun 07, 2006

Simple http redirect???

Help, I'm having difficulty with fulfilling a requirement :     The customer wants to type in some url and then gets redirected.   The customer doesn't want to see the redirect in their brow...
application delivery
dev
devops
iRules
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Jun 14, 2006
Hey guys --

 

 

Here's a rule that rewrites both request and the response, emulating the rewrite Apache is doing via ProxyPass & ProxyPassReverse:

 

 

The requirements:

 

* Replace Apache ProxyPass & ProxyPassReverse functionality for bidirectional host and URI re-writes.

 

** Request: Rewrite host header and prepend application path to request URI

 

** Response: Replace hostname references to client-facing value, and remove prepended URI path from all URLs in payload.

 

* A single rule which can be applied to multiple virtual servers would be ideal.

 

 

The LTM configuration:

 

* Create the class containing the virtual server names to which the rule will be applied (follow the example below). The re-write values will be extracted for each virtual to which the rule is applied, allowing you to apply to multiple virtuals. If a record does not exist, the rule logic is bypassed.

 

* Create the pools of backend server with the appropriate service port and serverssl profile if required.

 

* Apply default pools and profiles to virtual server as required.

 

* Create the rule below and apply to the virtual servers where functionality is required.

 

 

The rule logic and the traffic flow:

 

* Requests will be sent to port of pool member with modified Host header from table. (Assumes that backend server expects the port in the Host: header.)

 

* Requests will be sent cleartext or encrypted to backend server based on existence of serverssl profile on the virtual.

 

* Links in responses will be re-written with client-facing values for host and URI. 
class ProxyPass {
 space delimited row for each virtual to which rule will be applied
  vs_name  backend_host_header  backend_uri_prefix
   virtual1 inside_app1.company.com:7005 /newDir/otherDir
   virtual2 inside_app2.company.com:7006 /newDir/otherDir
}
rule ProxyPass {
   when HTTP_REQUEST {
      set ppass [findclass [virtual name] $::ProxyPass]
      if {$ppass == ""}{
         log local0. "No ProxyPass class entry found for virtual server \
         [virtual name] at [IP::local_addr]:[TCP::local_port]. \
         Bypassing rewrite logic."
         set bypass 1
         return
      } else {
         set host_clientside [HTTP::header Host]
         set host_serverside [getfield $ppass " " 1]
         set uri_prepend [getfield $ppass " " 2]
         HTTP::uri $uri_prepend[HTTP::uri]
         HTTP::header replace Host: $host_serverside
      }
   }
   when HTTP_RESPONSE {
      if { 1 != $bypass }{
         set length [HTTP::header Content-Length]
         HTTP::collect $length
         regsub -all $host_serverside$uri_prepend [HTTP::payload] $host_clientside newdata 
         HTTP::payload replace 0 $length $newdata
         HTTP::release
         unset newdata
      }
   }
}
That should be pretty close to what you need. If you run into anomalies, adding some log lines to expose the variable values at different points in the code should help you work it out the rest of the way. But if you get stuck, feel free to post back with questions.

 

 

peace

 

/deb