For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mohanad's avatar
Mohanad
Icon for Cirrostratus rankCirrostratus
May 13, 2020

unexpected redirection

Hi Everyone   this the network topology   Client (1.1.1.1) -----> F5 ASM (192.168.10.10:443) -----> Backend Server (10.10.10.10:8443)   F5 is performing port translation and applying web securi...
ASM Advanced WAF
security
TMOS
cjunior's avatar
cjunior
Icon for Nacreous rankNacreous
May 19, 2020

Hi,

The VS port and address translation act only on network layer, while html content is at application layer.

So you may need to rewrite the html content to proxy the explicit internal links.

One option is by using a stream profile to rewrite that content.

e.g.

when HTTP_REQUEST {
    STREAM::disable
    HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
    if { [HTTP::header Content-Type] contains "text" } {
        STREAM::expression {@https://10.10.10.10:8443@@}
        STREAM::enable
    }
}

On server side:

<a href="https://10.10.10.10:8443/DRNClient/DrNClient.jnlp">start DRN Client</a>

On client side:

<a href="/DRNClient/DrNClient.jnlp">start DRN Client</a>

See:

https://clouddocs.f5.com/api/irules/STREAM__expression.html

Regards.