Madiw_114772
Jan 17, 2014

Traffic not forwarded to backend server

Hello,

 

I have an issue with my iRule below; thanks for any help. Here is the scenario I want to implement: I configured a Portal as SP, and authentication for the Portal is forwarded to an IdP (SAML auth), so:

- The user's browser hits the URL https://portal.abc.com/idp/SSO.saml2. portal.abc.com is terminated on the VS of the APM Portal, so there's no default pool.
- The F5 detects the URI /idp/SSO.saml2, replaces portal.abc.com with idp.abc.com, then forwards traffic to the backend server https://idp.abc.com/idp/SSO.saml2.
- When the backend server responds, the F5 replaces idp.abc.com with portal.abc.com.

The issue that I'm having with the iRule is that the traffic is not forwarded to the backend. I ran tcpdump, but no traffic is leaving the F5 toward the backend server, while in the LTM log I'm seeing that the header is replaced and the pool is assigned as expected.

 

Thanks

 

    when HTTP_REQUEST {
        STREAM::disable
        HTTP::header remove "Accept-Encoding"

        if { [HTTP::uri] contains "/idp/SSO.saml2" } {
            HTTP::header replace Host "idp.abc.com"
            log local0. " rewrite forward URL: [HTTP::host][HTTP::uri]"
            log local0. " pool forward : [LB::server pool]"
        } else {
            # do nothing but don't know how to code that for now
            HTTP::header replace Host "portal.abc.com"
            log local0. "original forward URL: [HTTP::host][HTTP::uri]"
        }
    }

    when HTTP_RESPONSE {
        if { [HTTP::header value Content-Type] contains "idp.abc.com" } {
            STREAM::expression {@idp.abc.com@portal.abc.com@}
            STREAM::enable
            log local0. "response rewrite URL: SERVER_ADDRESS [IP::server_addr]"
        }
    }

 
