
Forum Discussion

pbedorf
Jul 22, 2019

URL Rewrite profile not working

I need to set up a URL redirect. For example, if I enter in the browser:

newstage.domain.com/server1 then I want that request to go to server1.local.com.

I have read in the following article:

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-12-1-0/17.html

that this can be done using a "Rewrite profile". I have created my Rewrite Profile and attached it to my VS, but it is not working.

Anyone else know how I can get this done?

 

Thank You

3 Replies

  • JG

    Would you be able to share the configurations of the virtual server and the rewrite profile here?

  • Hi JG,

    Sure, for the Virtual Server the settings are pretty standard:

     

    Type: Standard

    Source Address: 0.0.0.0/0

    Destination Address/Mask: 192.168.25.54

    Service: 443 HTTPS

     

    Protocol: TCP

    Protocol Profile (Client): tcp-wan-optimized

    Protocol Profile (Server): tcp-lan-optimized

    HTTP Profile: http

     

    VLAN and Tunnel Traffic: All VLANS and Tunnels

    Source Address Translation: Auto Map

     

    Rewrite Profile: my_proxy_profile

    HTML Profile: html

     

    As for the Rewrite Profile, I have attached a screenshot to this post.

    Thanks

  • Hi,

    perhaps the question is still open?

    For testing I'm using a virtual server on a 2nd BIG-IP (it might be located on the same BIG-IP and addressed via the iRule "virtual" command).

    The iRule returns the internally seen parameters (as modified by the rewrite profile):

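    when HTTP_REQUEST {
       # Drop the port and the first host label to get the domain as seen by this server
       set internal_domain  [join [lrange [split [getfield [HTTP::host] ":" 1] "."] 1 end] "."]
       # Echo the received (already rewritten) request values back in the response
       HTTP::respond 301 \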
           content " \
               internal host  : [getfield [HTTP::host] ":" 1]\r\n \
               internal path  : [URI::path [HTTP::uri]]\r\n \
               internal base  : [URI::basename [HTTP::uri]]\r\n \
               internal query : [HTTP::query]\r\n \
               internal domain: ${internal_domain}\r\n" \
           noserver \
           Content-Type "text/plain" \
           Location https://[HTTP::host][HTTP::uri] \
           Date [clock format [clock seconds] -format {%a, %b %d %Y %H:%M:%S GMT} -gmt 1] \
           Set-Cookie "TrackingMe=[format %09d [expr int(rand()*1e9)]]; Domain=${internal_domain}; Path=[URI::path [HTTP::uri]]" \
           Connection Close
    }

    The rewrite profile and the virtual server on the device under test look as follows:

    ltm virtual vs_test-rewrite_443 {
        destination 10.131.131.53:443
        ip-protocol tcp
        mask 255.255.255.255
        pool pool_rewrite-test
        profiles {
            clientssl-secure {
                context clientside
            }
            http2 { }
            http { }
            profile_test-rewrite { }
            serverssl {
                context serverside
            }
            tcp { }
        }
    }
     
    ltm profile rewrite profile_test-rewrite {
        bypass-list none
        client-caching-type cache-css-js
        defaults-from rewrite
        java-ca-file ca-bundle.crt
        java-crl none
        java-sign-key default.key
        java-sign-key-passphrase-encrypted none
        java-signer default.crt
        location-specific false
        request {
            insert-xforwarded-for enabled
            insert-xforwarded-host enabled
            insert-xforwarded-proto enabled
            rewrite-headers enabled
        }
        response {
            rewrite-content enabled
            rewrite-headers enabled
        }
        rewrite-list none
        rewrite-mode uri-translation
        set-cookie-rules {
            cookie_1597831515516 {
                client {
                    domain lb-net.bit
                    path /prefixext/
                }
                server {
                    domain lb-net.internal
                    path /prefixint/
                }
            }
        }
        split-tunneling false
        uri-rules {
            uri_1597822570761 {
                client {
                    path /prefixext/
                }
                server {
                    host test.lb-net.internal
                    path /prefixint/
                    scheme https
                }
            }
        }
    }

    Testing with cURL returns the expected results:

    $ curl -svk https://test.lb-net.bit:443/prefixext/test.label/object?query=test --resolve test.lb-net.bit:443:10.131.131.53
    * Added test.lb-net.bit:443:10.131.131.53 to DNS cache
    * Hostname test.lb-net.bit was found in DNS cache
    *   Trying 10.131.131.53...
    * Connected to test.lb-net.bit (10.131.131.53) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    *        SSL certificate verify result: self signed certificate (18), continuing anyway.
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * TCP_NODELAY set
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0x1735150)
    > GET /prefixext/test.label/object?query=test HTTP/1.1
    > Host: test.lb-net.bit
    > User-Agent: curl/7.47.1
    > Accept: */*
    >
    * Connection state changed (MAX_CONCURRENT_STREAMS updated)!
    < HTTP/2.0 301
    < content-type:text/plain
    < location:https://test.lb-net.bit/prefixext/test.label/object?query=test
    < date:Wed, Aug 19 2020 12:48:04 GMT
    < set-cookie:TrackingMe=480369567; Domain=lb-net.bit; Path=/prefixext/test.label/
    <
      internal host  : test.lb-net.internal
      internal path  : /prefixint/test.label/
      internal base  : object
      internal query : query=test
      internal domain: lb-net.internal

    Both redirect (host and path) and the cookie domain and path set by the server are properly rewritten.

    The setup above was tested on TMOS v12.1.4.1 with HTTP/1.1 and HTTP/2.

    Be aware that a stream profile and disabled serverside compression might be required as well to replace references in the payload.

    The rewrite profile above just modifies the http-protocol data but not the delivered payload.

    Cheers, Stephan
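
The check made by eye on the cURL output in the reply above (no server-side host or path in `Location` or `Set-Cookie`, while the payload still carries them) can be scripted. This is an added example, not code from the thread; the function names are hypothetical, `REWRITTEN` is constructed from the cURL output above, and `UNREWRITTEN` is a constructed variant showing a response that bypassed the rewrite.

```python
# Server-side values from the rewrite profile in the post (uri-rules / set-cookie-rules).
INTERNAL_MARKERS = ("lb-net.internal", "/prefixint/")

# Constructed sample: response as seen by the client in the cURL test above.
REWRITTEN = """\
HTTP/2.0 301
content-type:text/plain
location:https://test.lb-net.bit/prefixext/test.label/object?query=test
set-cookie:TrackingMe=480369567; Domain=lb-net.bit; Path=/prefixext/test.label/

internal host  : test.lb-net.internal
internal path  : /prefixint/test.label/
"""

# Constructed sample: the same response if headers were passed through unchanged.
UNREWRITTEN = (REWRITTEN.replace("lb-net.bit", "lb-net.internal")
                        .replace("/prefixext/", "/prefixint/"))


def split_response(raw):
    """Return (headers, body); headers is a list of (lowercased name, value)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = []
    for line in head.splitlines()[1:]:           # skip the status line
        name, _, value = line.partition(":")     # split at first colon only
        headers.append((name.strip().lower(), value.strip()))
    return headers, body


def find_leaks(raw, markers=INTERNAL_MARKERS):
    """List (location, marker) for every internal name the client can see."""
    headers, body = split_response(raw)
    leaks = [(name, m) for name, value in headers for m in markers if m in value]
    # The rewrite profile in the post does not touch the payload, so the body
    # is reported separately from the headers.
    leaks += [("body", m) for m in markers if m in body]
    return leaks


if __name__ == "__main__":
    for label, raw in (("rewritten", REWRITTEN), ("unrewritten", UNREWRITTEN)):
        print(label, find_leaks(raw))
```

Header findings mean a `uri-rules` or `set-cookie-rules` entry is missing or not matching; findings only under `body` are the payload case the reply says needs a stream profile.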