Forum Discussion
AltostratusSSL and Uri Rewrites
I have the following issue and wanted to be sure I have the correct understanding
I have configured SSL bridging on my F5, so at a high level this is:
SSL Session between Client and F5
F5 decrypts, inspects with WAF
SSL Session (separate) between F5 and backend server.
I have a requirement to rewrite a uri from service.abc.com to host serverxyz.com
Internally my testing works
Externally my testing fails
Does this mean that the external client has to be able to reach the host serverxyz.com (dns/IP)
I think the rewrite forces the client to attempt a direct connection?
Is it possible to combine SSL bridging and uri rewrites?
5 Replies
Hello sjy2025
Yes, it is totally possible and fully supported.
Your issue is most likely application-related, not SSL bridging itself. You need to check whether the application uses relative paths or if it has FQDN hardcoded in its responses.
If the application returns redirects, links, or cookies that reference serverxyz.com, then the client will try to connect directly to that hostname, which would explain why it works internally but fails externally.
In that case, you may also need to rewrite the responses, not just the incoming request.
- sjy2025
Thank you for clarifying that this is the behaviour.
At the moment I have a rewrite profile attached to the Virtual Server
It is configured as client service.abc.com to server serverxyz.com type request
Are you suggesting I might ned to reconfigure this to be both
Or do I need an additional rule?
Rewrite profile will do the basics for both directions (HTTP headers, URIs, Cookies)
But your problem might exists in payload (eg JS)
You best opion is, if possible, to configure app itself to not hardcode fqdn anywhere.
If this is not possible, then you have to do some reverse engineering and try to modify fqdn whenever needed with irule.
