George_32239
May 30, 2013

Two way re-write like a bluecoat !

Hi,

I need to be able to do the following;

Client connects to http://aserver.com/

I need to re-write this to

http://bserver.com/folder/

I have had a fiddle with ProxyPass v10.9 and I think I am getting the first part done

What they want is nothing to change in the client browser. At the moment I can see that the URI that is getting back to the client has the foldername added, and then it is making a request as follows;

aserver.com/folder/some_uri_or_other

and fails.

So I need to rewrite the host and URI on the way into the backend server and then re-write it back on the way to the client, if that makes any sense.

LTM v.11.1 Any assistance greatly appreciated.

Here is a sample of what gets done on, I think it is a bluecoat

I don't need to do anything with SSL, all in the clear.

define action application_name

;;Rewrite Incoming urls - FORWARD EXTERNAL URL TO INTERNAL SERVER

rewrite( url, "xyz.abc-hello.domain.com(.*)", "somethingelse.doamin.co.uk/foldername$(1)" ) (*the hostnames are different)

rewrite( request.header.Referer, "xyz.abc-hello.domain.com(.*)", "somethingelse.doamin.co.uk/foldername$(1)" )

;;Rewrite contents of pages

transform application_name

;;Rewrite internal urls to the external ones on responses

rewrite( response.header.set-cookie, "(.*)domain.co.uk(.*)", "$(1)domain.com$(2)")

end

define url_rewrite application_name

rewrite_url_substring "xyz.abc-hello.domain.com" "somethingelse.doamin.co.uk/foldername"

end url_rewrite medbens_uat_nhs_portal

- forwarding config sends rewritten requests to the appropriate backend server(s).

proxy.address=x.x.x.x

server_url.domain=//somethingelse.doamin.co.uk/foldername/ forward(x.x.x.x_80) forward.fail_open(no)

proxy.port=443 forward(x.x.x.x_80) forward.fail_open(no)

  • Hi Kevin,

    Thanks. I will do on Monday. I found a work-around (I think !), well, I get to the page they want to get to even though the URL is altered slightly, they are testing it is just a cosmetic issue. Would be nice to get to the bottom of it, I suspect an IIS issue.

    Thank You

    George
  • Hello (not quite Monday !)

    Ok so think I got to the bottom of it, well when I say that, what I mean is I have it working !, but.... !

    Background

    User --> Microsoft Forefront TMG (terminates SSL) --> LB VIP (clear HTTP)

    Desired Effect

    User enters www.firstdomain.com/ in browser, F5 picks up request and 'sends' it to seconddoamin.gov/folder (not a redirect, header re-writes and things), user browser continues to display firstdomain.com/ (the URI bit after the / changes but I think they can live with that)

    So grabbed a copy of ProxyPass v10.9, followed instructions to the letter !

    Created a data group with the following contents;

    www.firstdomain.com:443/ := seconddomain.co.uk/folder (no idea why I have the 443 in there, doesn't match otherwise, wonder if the TMG is playing with headers, it is not HTTPS when it gets to F5)

    Turned on verbose logging, turned on re-write page content, applied stream profile, all the instructions followed I'm sort of very sure.

    Had a bash at getting to www.firstdomain.com/, kept getting an error from IIS saying 'Permission to /folder' access is denied etc etc, very stumped.

    Added some more log local0. entries into places that I could see HTTP::uri and HTTP::host were either set or manipulated. Added quite a few so I could see at each step what the original request and modified request was.

    Got to this section of ProxyPass code;

    when HTTP_REQUEST_SEND {
      # If we didn't match anything, skip the rest of this event
      if {$bypass} {
        return
      }

      # The following code does the actual rewrite on its way TO
      # the backend server. It replaces the URI with the newly
      # constructed one and masks the "Host" header with the FQDN
      # the backend pool server wants to see.
      #
      # If a new pool or custom SNAT are to be applied, these are
      # done here as well. If a SNAT is used, an X-Forwarded-For
      # header is attached to send the original requesting IP
      # through to the server.
      if {$host_clientside eq $orig_host} {
        if {$orig_uri starts_with $path_clientside} {
          if { $static::ProxyPassDebug > 1 } {
            log local0. "$log_prefix: New Host=$host_serverside, New Path=$path_serverside[substr $orig_uri [string length $path_clientside]]"
          }
          clientside {
            # Rewrite the URI
            HTTP::uri $path_serverside[substr $orig_uri [string length $path_clientside]]

    I added the following line

            log local0. "Client Side Pre Processing - The URI is [HTTP::uri]"

    This was showing me that what was happening was two /folder was being added (WTH!) so the URI was becoming /folder/folder and I have no idea why or where it is getting the second /folder from. So I added the following code;

            HTTP::uri [string map {"/folder/folder" "/folder"} [HTTP::uri]]
            log local0. "Client Side URI re-write is [HTTP::uri]"

    Now it shows me that HTTP::uri is /folder and not /folder/folder (which is nice)

    The rest of ProxyPass gets processed and it seems to function as expected so

    the contents of user browser were www.firstdomain.com/folder/rest_of_bumf

    Tester says in old system i.e. using bluecoat it never used to add the /folder bit or at least they couldn't see it, I'm not sure I care as if it works it would appear to be a cosmetic issue, how many users would even notice the /folder/ as long as the app worked.

    So I am happier and confused !, why do I need the 443 in the data group ?, can't see it in a header and where is it getting the additional /folder from, the data group only has one. They are testing and the app seems to work, so this is more out of curiosity now (unless they ring later and say it's busted)

    So, they are LTM 1600 with 11.2 HF1 (I know 11.4 will have this feature built in !) so no ProxyPass although I have thoroughly enjoyed my time trying to fix this and learning iRule stuff (is that weird ?)

    Can you tell this is my first go at this ?

    Any ideas on where to look would be great.

    Cheers,

    George

  • ignore my typos on the domains, they should be www.firstdomain.com:443/ := seconddomain.co.uk/folder all the way through
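
The "/" <-> "/folder" mapping discussed in this thread, as an added example in plain Tcl (not ProxyPass code and not written by any poster). The proc names are hypothetical, the inputs are constructed, and the pass-through guard assumes the doubled /folder comes from the browser following a link that was not rewritten on the way back; the last line runs the thread's unanchored `string map` on the same kind of input for comparison.

```tcl
# Added example, not ProxyPass code. Plain Tcl, core string commands only.
# Lowercase the Host value and drop a numeric port, so "Name:443" and "name"
# select the same mapping entry.
proc normalize_host {host} {
    set host [string tolower $host]
    set c [string last ":" $host]
    if {$c > 0 && [string is digit -strict [string range $host [expr {$c + 1}] end]]} {
        set host [string range $host 0 [expr {$c - 1}]]
    }
    return $host
}

# True when $path is $prefix itself or lies below it ("/folder" must not match "/folderX").
proc under_prefix {path prefix} {
    set p [string trimright $prefix "/"]
    return [expr {$p eq "" || $path eq $p || [string first "$p/" $path] == 0}]
}

# Client-side URI -> server-side URI. Only the start of the path is rewritten;
# the query string is never touched.
proc to_server_uri {uri cpath spath} {
    set q [string first "?" $uri]
    if {$q < 0} { set q [string length $uri] }
    set path  [string range $uri 0 [expr {$q - 1}]]
    set query [string range $uri $q end]
    # Assumption: a request that already starts with the server prefix came from
    # a link the response rewrite missed, so it is passed through unchanged.
    if {[under_prefix $path $spath]} { return $path$query }
    if {![under_prefix $path $cpath]} { return $uri }
    set rest [string range $path [string length [string trimright $cpath "/"]] end]
    return [string trimright $spath "/"]$rest$query
}

# Server-side path (Location header, link) -> client-side path, the return leg.
proc to_client_path {path cpath spath} {
    if {![under_prefix $path $spath]} { return $path }
    set rest [string range $path [string length [string trimright $spath "/"]] end]
    set out [string trimright $cpath "/"]$rest
    if {$out eq ""} { return "/" }
    return $out
}

# Constructed inputs using the thread's mapping: "/" <-> "/folder".
puts [normalize_host "www.firstdomain.com:443"]
puts [to_server_uri "/app/page?next=/folder/folder/x" "/" "/folder"]
puts [to_server_uri "/folder/app/page" "/" "/folder"]
puts [to_client_path "/folder/app/page" "/" "/folder"]
# The thread's workaround, for comparison: it is not anchored to the path start.
puts [string map {"/folder/folder" "/folder"} "/folder/folder/app?next=/folder/folder/x"]
```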