Forum Discussion

Mohanad's avatar
Mohanad
Icon for Cirrostratus rankCirrostratus
May 13, 2020

unexpected redirection

Hi Everyone

 

this the network topology

 

Client (1.1.1.1) -----> F5 ASM (192.168.10.10:443) -----> Backend Server (10.10.10.10:8443)

 

F5 is performing port translation and applying web security policy

 

When client connect to "https://192.168.10.10/DRNClient" it's working successfully, then press on a button called "start DRN Client" to download java file to open the application , URL is changed to "https://10.10.10.10:8443/DRNClient/DrNClient.jnlp" and timed-out because we allow only inbound traffic for 192.168.10.10:443

 

i want to understand the issue and how to fix using F5

  

Thanks,

Mohanad

ASM Advanced WAF
security
TMOS
  • cjunior's avatar
    cjunior
    Icon for Nacreous rankNacreous
    May 19, 2020

    Hi,

    The VS port and address translation act only on network layer, while html content is at application layer.

    So you may need to rewrite the html content to proxy the explicit internal links.

    One option is by using a stream profile to rewrite that content.

    e.g.

    when HTTP_REQUEST {
    STREAM::disable
    HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
    if { [HTTP::header Content-Type] contains "text" } {
        STREAM::expression {@https://10.10.10.10:8443@@}
        STREAM::enable
    }
}

    On server side:

    <a href="https://10.10.10.10:8443/DRNClient/DrNClient.jnlp">start DRN Client</a>

    On client side:

    <a href="/DRNClient/DrNClient.jnlp">start DRN Client</a>

    See:

    https://clouddocs.f5.com/api/irules/STREAM__expression.html

    Regards.