Forum Discussion
bookbinder_1115
Nimbostratus
NimbostratusUsing the F5 as a Reverse Proxy for RSA SecurID Self Service
Hey Everyone,
I am new to the F5 load balancer and iRules. From what I understand the F5 load balancer has the ability to act as a reverse proxy. In order to make the RSA device accessible from the w...
Stefan_Klotz
Cumulonimbus
CumulonimbusThis is our final iRule (which is more or less the ProxyPass Lite iRule), which is in production since some weeks now (it requires the parent stream-profile assigned to the VS first):
when HTTP_REQUEST {
if { not [class match [string tolower [HTTP::uri]] starts_with _allowed_uris] } {
HTTP::respond 301 Location "https://[HTTP::host]/console-selfservice/"
} else {
Prevent the server from sending compressed responses as LTM does not decompress them
HTTP::header remove "Accept-Encoding"
}
}
when HTTP_REQUEST_SEND {
Need to force the host header replacement and HTTP:: commands
into the clientside context as the HTTP_REQUEST_SEND event
is in the serverside context
clientside {
verify the selected server IP to specify its FQDN
if { [IP::addr [LB::server addr] equals ] } {
set server_hostname
} else {
set server_hostname
}
set server_port [LB::server port]
Replace the host header value
HTTP::header replace Host $server_hostname:$server_port
}
}
when HTTP_RESPONSE {
if { [HTTP::header exists Location] } {
HTTP::header replace Location [string map -nocase {":7004" "" ":7004" ""} [HTTP::header Location]]
}
Rewrite the response body if the response type is text
if { [HTTP::header "Content-Type"] starts_with "text/" } {
Configure the find/replace strings
STREAM::expression "@:7004@@ @:7004@"@"
Enable the stream filter
STREAM::enable
}
}
Everything else are default settings.
Ciao Stefan 🙂
