Forum Discussion
Trying to configure an irule to rewrite specific headers for external redirection while not affecting headers going to local pool
Currently, i have a configuration where users who access http://www.abc.com go to this port 80 VIP
ltm virtual /Common/www.abc.com {
destination /Common/10.xx.xx.219:80
ip-protocol tcp
mask 255.255.255.255
persist {
/Common/cookie {
default yes
}
}
pool /Common/www.abc.com-web
profiles {
/Common/www.abc.com-Compression { }
/Common/www.abc.com-http { }
/Common/www.abc.com-TCP-Optimized { }
/Common/www.abc.com-stream { }
}
rules {
/Common/www.abc.com-ssl-redirect
}
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
}
When users try accessing http://www.abc.com/careers/jobs, an irule redirects that URL to https. The rest of the traffic goes to the local pool containing servers listening on port 80.
irule that is applied to the port 80 VIP
ltm rule /Common/www.abc.com-ssl-redirect {
when HTTP_REQUEST {
log local0. "Host: [HTTP::host], URI: [HTTP::uri]"
if { [HTTP::uri] starts_with "/careers/jobs" } {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
log local0. "20>>URI matched Career Jobs"
} else {
pool www.abc.com-web
log local0. "21>>URI match not found, using default pool"
}
}
}
The user is redirected to the port 443 VIP which is configured for SSL Bridging since the traffic from the F5 to the external site has to be SSL.
Port 443 VIP
ltm virtual /Common/www.abc.com-SSL {
destination /Common/10.xx.xx.219:443
ip-protocol tcp
mask 255.255.255.255
profiles {
/Common/www.abc.com-http { }
/Common/serverssl {
context serverside
}
/Common/stream { }
/Common/tcp-wan-optimized { }
/Common/wildcard {
context clientside
}
}
rules {
/Common/www.abc.com-redirect4
}
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
}
The irule that is applied to the port 443 VIP
ltm rule /Common/www.abc.com-redirect4 {
when CLIENT_ACCEPTED {
set default_pool [LB::server pool]
}
when HTTP_REQUEST priority 100 {
STREAM::disable
switch -glob [string tolower [HTTP::uri]] {
"/careers/jobs*" {
set path [string map {/careers/jobs* /careers/jobs*} [URI::path [string tolower [HTTP::uri]]]][URI::basename [string tolower [HTTP::uri]]]
set uri $path[URI::basename [HTTP::uri]][URI::query [HTTP::uri]]
HTTP::path $path
set qry_location [string first "?" [HTTP::uri]]
if { $qry_location > 0 } {
set qry [string range [HTTP::uri] $qry_location end]
} else {
set qry ""
}
set uri ${path}/$qry
HTTP::uri $uri
log local0. "10>>being redirected to $path"
}
default {
log local0. "-->[HTTP::uri] $default_pool"
pool $default_pool
return
}
}
HTTP::header replace Host "www.xyz.com"
set host [HTTP::host]
set dest [lindex [RESOLV::lookup @8.8.8.8 -a [HTTP::host]] 0]
if { $dest ne "https://www.xyz.com" } {
node $dest
}
}
when HTTP_RESPONSE {
if [HTTP::header exists Location] {
set location [HTTP::header Location]
set locationrewrite [string map { www.xyz.com www.abc.com } $location]
HTTP::header replace Location $locationrewrite
}
{
STREAM::expression "@www.xyz.com@www.abc.com@"
STREAM::enable
}
log local0. "client [IP::client_addr]:[TCP::client_port] server [IP::remote_addr]:[TCP::release] host $host"
}
when HTTP_REQUEST priority 200 {
log local0. "25>>Outgoing path [HTTP::uri]"
}
}
The local servers have finally been configured to support SSL. When i try adding a pool (containing the servers listening on port 443) to the SSL VIP, the irule tries to rewrite the headers for the local traffic. I just need the traffic that is being redirected to the external site to have the headers rewritten. Also, www.abc.com/careers/jobs/search needs to go to the local pool while www.abc.com/careers/jobs/* (everything else) needs to still redirect to the external site. I need help trying to figure this one out.
Thanks, Joe
2 Replies
Amine_KadimiMVP
The local servers have finally been configured to support SSL. When i try adding a pool (containing the servers listening on port 443) to the SSL VIP, the irule tries to rewrite the headers for the local traffic. I just need the traffic that is being redirected to the external site to have the headers rewritten
I can't figure out what do you mean by local traffic and external site, can you please explicitly tell what traffic should have the headers rewritten -your classification condition-.
Also, www.abc.com/careers/jobs/search needs to go to the local pool while www.abc.com/careers/jobs/* (everything else) needs to still redirect to the external site
Both /careers/jobs/search and /careers/jobs/* match your condition:
if { [HTTP::uri] starts_with "/careers/jobs" }Both will be redirected
We have local servers that host "www.abc.com". Our customer wanted a third party ( to host the "/careers/jobs" part. This is what I mean when I reference "external site". That specific URI is being redirected from our F5 back out to the internet to that third party site. The customer also wants users to only see "www.abc.com" in the URL instead of "www.xyz.com". That is why the irule is rewriting the headers. The current irule that I provided does that. Now the customer wants to bring just "/careers/jobs/search" back to be hosted on the local servers and keep the rest of "/careers/jobs" on the third party hosted site. I need to modify the current irule to support the new request and also support a SSL Pool.
