URL rewrite..

Question

Hello all,&nbsp;
&nbsp;here's what i'm trying to do:&nbsp;
&nbsp;There is a site with both internal and external URL's (INT dev.site.sub, EXT dev.site.net) where the external URL is fronted by an LTM.&nbsp;
&nbsp;Sections of this site (/rweb) are protected via Siteminder.&nbsp;
&nbsp;When you hit the internal URL dev.site.sub/rweb, Siteminder kicks in and presents dev.site.sub/siteminder.. and requests authentication - which all works perfectly, as everything is within our CN.&nbsp;
&nbsp;When you hit the external URL dev.site.net/rweb, Siteminder kicks in but still presents dev.site.sub/siteminder.. which is fine if you happen to be in the CN, but obviously not over the web. &nbsp;
&nbsp;What I would like to do is have the LTM rewrite the URL, such that when Siteminder presents dev.site.sub/siteminder, the iRule rewrites that to dev.site.net/siteminder etc.. &nbsp;
&nbsp;I have read Kirk's ProxyPass iRule and given it a go, but still cannot get it to work (unfortunately I am not given any errors in the log). &nbsp;
&nbsp;I have working rules which rewrite the URL, but ideally only want this rule to rewrite everything behind /siteminder..&nbsp;
&nbsp;Can anyone suggest anything else to try?

kirk_bauer_1018 · Answer

ProxyPass as it is written today assumes the client will ask for a URL which we will then translate, not that a server will redirect to a name that needs to be translated (although that is something I may need to consider).  Try this rule out:&nbsp;
&nbsp;when HTTP_RESPONSE {
&nbsp;   if { [HTTP::header exists "Location"] } {
&nbsp;      if { [HTTP::header] starts_with "http://dev.site.sub" } {
&nbsp;         set remainder [substr [HTTP::header "Location"] 20]
&nbsp;         HTTP::header replace "Location" "http://dev.site.net/$remainder"
&nbsp;      }
&nbsp;   }
&nbsp;}&nbsp;
&nbsp;Untested, but it should give you a place to start.&nbsp;

ian_amos_37833 · Answer

Hmmm.. thanks for this.
Using: when HTTP_RESPONSE {
if { [HTTP::header exists "Location"] } {
if { [HTTP::header starts_with "http://dev.site.sub/siteminder"] } {
set remainder [substr [HTTP::header "Location"] 20]
HTTP::header replace "Location" "http://dev.site.net/siteminder/$remainder"
}
}
}
I get the following error in the logs:http_process_state_prepend - Invalid action EV_EGRESS_DATA during ST_HTTP_PREPEND_HEADERS
Also, what can I use as an 'ignore' statement? i.e., I need something as a catch-all for the traffic that is not behind /siteminder..

kirk_bauer_1018 · Answer

All I can find on that error is here:&nbsp;
&nbsp;http://devcentral.f5.com/Default.aspx?tabid=53&amp;view=topic&amp;forumid=5&amp;postid=4343

joe_pruitt · Answer

Posted By IanAmos  on  08/31/2007 7:00 AM&nbsp;
&nbsp;...&nbsp;&nbsp;when HTTP_RESPONSE {
if { [HTTP::header exists "Location"] } {
if { [HTTP::header starts_with "http://dev.site.sub/siteminder"] } {
set remainder [substr [HTTP::header "Location"] 20]
HTTP::header replace "Location" "http://dev.site.net/siteminder/$remainder"
}
}
}&nbsp;
&nbsp;I get the following error in the logs:&nbsp;&nbsp;http_process_state_prepend - Invalid action EV_EGRESS_DATA during ST_HTTP_PREPEND_HEADERS&nbsp;
&nbsp;...&nbsp;&nbsp;&nbsp;
&nbsp;I see a couple of issues with your code.&nbsp;
&nbsp;1. It seems that you have your second if statement incorrect.  There is no "HTTP::header starts_with" command.  I think you might have meant to compare the "Location" header with "http://dev.site.sub/siteminder".&nbsp;
&nbsp;2. Your substr command is pulling off everything past http://dev.site.sub/ so for a uri of "http://dev.site.sub/siteminder/foo/bar", remainder will be "siteminder/foo/bar" and your replacement header will be "http://dev.site.net/siteminder/siteminder/foo/bar" (notice the extra siteminder).  If this is what you were intending, then ignore 2 but it kind of stuck out to me.&nbsp;&nbsp;when HTTP_RESPONSE {
  if { [HTTP::header exists "Location"] } {
     1: compare Location header with uri
    if { [HTTP::header "Location"] starts_with "http://dev.site.sub/siteminder" } {
      set remainder [substr [HTTP::header "Location"] 20]
       2: removed "siteminder/" from replacement string
      HTTP::header replace "Location" "http://dev.site.net/$remainder"
    }
  }
}&nbsp;
&nbsp;Or, a more optimized version:&nbsp;&nbsp;when HTTP_RESPONSE {
  if { [HTTP::header exists "Location"] } {
    if { [HTTP::header "Location"] starts_with "http://dev.site.sub/siteminder" } {
      HTTP::header replace "Location" "http://dev.site.net/[substr [HTTP::header "Location"] 20]"
    }
  }
}&nbsp;
&nbsp;See if that fixes things up...&nbsp;
&nbsp;-Joe

ian_amos_37833 · Answer

Posted By Joe  on  08/31/2007 10:42 AM
Or, a more optimized version:when HTTP_RESPONSE {
  if { [HTTP::header exists "Location"] } {
    if { [HTTP::header "Location"] starts_with "http://dev.site.sub/siteminder" } {
      HTTP::header replace "Location" "http://dev.site.net/[substr [HTTP::header "Location"] 20]"
    }
  }
}
See if that fixes things up...
-Joe
Thanks, I understand this rule a bit better. 
I'm still getting the below error:7 http_process_state_prepend - Invalid action EV_EGRESS_DATA during ST_HTTP_PREPEND_HEADERS
I'm going to read up on TCPDump and see what's happening.

Forum Discussion

URL rewrite..

5 Replies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

F5 asm/awaf

APM VPN LDAP POOL can't contact ldap server.

Cannot ping external interface

Disastser Recovery

F5 breaking Exchange authentication

Related Content

URL rewrite

URL Rewrite

URL Rewrite/ProxyPass Functionality

URL rewrite through iRule

URL Rewrite?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS