Forum Discussion

AngryCat_52750's avatar
AngryCat_52750
Icon for Nimbostratus rankNimbostratus
Nov 30, 2012

URL re-write for Sharepoint

So we implemented the F5 through APM as a replacement to ISA last night.. and the new flow is as such.

 

User -> https://test.example.com/ -> firewall -> F5 (ssl decrypt and send on to pool) -> sharepoint server

 

Ran into a snag.. the Sharepoint server is expecting test_abc.example.com as a host.

 

Can I implement this irule to work around that?

 

when HTTP_REQUEST {

 

HTTP::host replace Host "test_abc.example.com"

 

}

 

application delivery
dev
devops
iRules

6 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Nov 30, 2012
    e.g. 

    [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:443
   ip protocol 6
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   HTTP::header replace Host "test_abc.example.com"
}
}

[root@ve10:Active] config  ssldump -Aed -nni 0.0 port 80 or port 443 -k /config/ssl/ssl.key/default.key
New TCP connection 1: 172.28.20.11(57792) <-> 172.28.19.79(443)
1 1  1354285525.0756 (0.0948)  C>SV3.1(96)  Handshake
1 2  1354285525.0757 (0.0000)  S>CV3.1(81)  Handshake
1 3  1354285525.0757 (0.0000)  S>CV3.1(953)  Handshake
1 4  1354285525.0757 (0.0000)  S>CV3.1(4)  Handshake
1 5  1354285525.0808 (0.0050)  C>SV3.1(262)  Handshake
1 6  1354285525.0808 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
1 7  1354285525.0808 (0.0000)  C>SV3.1(36)  Handshake
1 8  1354285525.1009 (0.0201)  S>CV3.1(1)  ChangeCipherSpec
1 9  1354285525.1009 (0.0000)  S>CV3.1(36)  Handshake
1 10 1354285525.1047 (0.0037)  C>SV3.1(178)  application_data
    ---------------------------------------------------------------
    GET / HTTP/1.1
    User-Agent: curl/7.19.7 (i686-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8x zlib/1.2.3 libidn/0.6.5
    Accept: */*
    Host: test.example.com

    ---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(57792) <-> 200.200.200.101(80)
1354285525.1069 (0.0009)  C>S
---------------------------------------------------------------
GET / HTTP/1.1
User-Agent: curl/7.19.7 (i686-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8x zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: test_abc.example.com

---------------------------------------------------------------
  • AngryCat_52750's avatar
    AngryCat_52750
    Icon for Nimbostratus rankNimbostratus
    Nov 30, 2012

    Nitass if this request is coming from the APM first, would i need to do this instead?

    
when ACCESS_ALLOWED {

    Check if requested host doesn't start with test.example.com
   if {not ([string tolower [HTTP::host]] starts_with "test.example.com")}{

       Replace the host header value with test_abc.example.com
      HTTP::header replace Host "test_abc.example.com"
   }
}

  • AngryCat_52750's avatar
    AngryCat_52750
    Icon for Nimbostratus rankNimbostratus
    Nov 30, 2012
    Should this be an irule as part of the LTM process or as an irule event in the APM process?? kinda confused now :(
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Nov 30, 2012
    i never did apm before. anyway, isn't ltm event triggered before?

     

     

    HTTP Event Order -- Access Policy Manager by Jason

     

    https://devcentral.f5.com/tutorials/tech-tips/http-event-order-access-policy-manager