Forum Discussion
Yaniv_93956
Nimbostratus
NimbostratusUsing F5 as a proxy between two websites
Hello Devcentral,
I’m trying to set an IRule to act as a proxy between two websites without changing the URL in the user’s browser.
When user goes to
https://www.site1.com/test
The F5 should go to https://www.site2.com/test and reply to the user (as I said without changing the URL in his browser).
I tried this syntax but it doesn’t seem to be working:
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/test" } {
HTTP::header replace Host "www.site2.com"
}
}
Can you please advise me what am I doing wrong here?
Tnx, Yaniv.
15 Replies
- nitass
Employee
i understand you also have to use pool or node command after replacing host header to send traffic to www.site2.com.
node Wiki
https://devcentral.f5.com/wiki/iRules.node.ashx 
What_Lies_Bene1Cirrostratus
Are you terminating the SSL on the BIG-IP? What exactly isn't working?
Yaniv_93956Hi Nitass\Steve,
Thank you for your replies,
Both sites (www.site1.com & www.site2.com) are published to the world by the F5 and the SSL is being terminated by the F5 ( by the way, version 10.2.3 build 112.0 Final).
After I applied the given syntax to the VIP I still get content from site1 instead from site2.
* I do know that the condition line is working well ( if { [HTTP::uri] starts_with "/test" } ) because regular redirecting working well:
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/test" } {
HTTP::redirect https://www.site2.com[HTTP::uri]
}
}
but that is not what I need as this is changing the text in the user's browser.
Yaniv.- nitassif both sites are managed by bigip, you may use virtual command instead.
e.g.[root@ve10:Active] config b virtual bar1 list virtual bar1 { destination 172.28.19.252:80 ip protocol 6 rules myrule profiles { http {} tcp {} } } [root@ve10:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { if { [HTTP::uri] starts_with "/test" } { HTTP::header replace Host "www.site2.com" virtual bar2 } } } [root@ve10:Active] config b virtual bar2 list virtual bar2 { snat automap pool foo destination 1.1.1.1:80 ip protocol 6 } [root@ve10:Active] config b pool foo list pool foo { members 200.200.200.101:80 {} } [root@ve10:Active] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 172.28.19.251(47230) <-> 172.28.19.252(80) 1358775742.2911 (0.0010) C>S --------------------------------------------------------------- GET /test/something HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: www.site1.com --------------------------------------------------------------- New TCP connection 2: 172.28.19.251(47230) <-> 1.1.1.1(80) 1358775742.2913 (0.0000) C>S --------------------------------------------------------------- GET /test/something HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: www.site2.com --------------------------------------------------------------- New TCP connection 3: 200.200.200.253(47230) <-> 200.200.200.101(80) 1358775742.2931 (0.0017) C>S --------------------------------------------------------------- GET /test/something HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: www.site2.com --------------------------------------------------------------- - What_Lies_Bene1OK, a few more questions then;
1) Is this the only iRule applied to the VS?
2) Where or what is site2? Is it hosted on the same servers as site1?
Also just FYI, you could add some logging just before the HTTP::header command. Something like 'log local0. "Matched /test URI, rewriting header" - What_Lies_Bene1Just noticed the flaw in your rule. You are checking the URI, not the host. I think you need to do both;
when HTTP_REQUEST { if { (([string tolower [HTTP::uri]] starts_with "/test") && ([string tolower [HTTP::host]] equals "www.site1.com")) } { HTTP::header replace Host "www.site2.com" } } - What_Lies_Bene1That should be '&&' by the way, not '&...'
- Yaniv_93956Hi Steve,
Thank you for your help.
I have tried the syntax you suggested but I still get content from site1 (I'm checking this by browsing to https://www.site1.com/test/1.txt and this is how I know if i get content from site1 or site2)
In answer to your questions:
1. This is the only IRule applied on this VIP.
2. Site2 is another VIP which use other nodes than the nodes of Site1.
3. i didnt quite understand how to add the logging to the rule, if you can give them within an example syntax I could add them.
Tnx, Yaniv. - What_Lies_Bene1OK, that clears things up somewhat, thanks to Nitass too. Try this which will forward traffic to the site2 Virtual Server after the header replacement;
when HTTP_REQUEST { if { (([string tolower [HTTP::uri]] starts_with "/test") && ([string tolower [HTTP::host]] equals "www.site1.com")) } { log local0. "Matched host site1.com and uri /test" HTTP::header replace Host "www.site2.com" virtual 'site2-VS-name' } } - Yaniv_93956Hi Steve,
That fixed it !!
well done mate, I've been trying to figure this out for few hours by now till I posted here.
Can you please explain why was it necessary to add the virtual server name to the syntax?
Thank you Nitass of course as well.
Yaniv.
