we have 3 external web urls which will come on our frontend f5 and redirect to internal web urls and use as a revers proxy

It's interesting how often this comes up, and the most important thing to understand here is the (potentially incorrect) use of the term "redirect". In HTTP-speak, and equally in BIG-IP iRules, a redirect is a flow control command. Given a typical reverse proxy configuration, where a client request flows through the proxy to the server, a redirect inserted at the proxy causes a preempt response back to client without passing traffic to the server. I'm assuming that's not what you want.

So based on your description, there are at least three requirements:

1. Terminate the client side SSL and pass server side HTTP unencrypted
2. Parse HTTP requests
3. Modify the HTTP Host request header

The first is accomplished by incorporating a client SSL profile. The second is accomplished via attached HTTP profile. And the third can be a fairly straight forward iRule. I'm assuming here that all three external URLs are coming to the same virtual server and iRule.

when HTTP_REQUEST {
    switch [string to lower [HTTP::host]] {
        "site1ex.com" {
            HTTP::host "site1in.com"
        }
        "site2ex.com" {
            HTTP::host "site2in.com"
        }
        "site3ex.com" {
            HTTP::host "site3in.com"
        }
        default {
            HTT::host "site1in.com"
        }
    }
}

Thanks Kevin for your responses.

indeed, its looks same requirements. I will be incorporating a client SSL profile suppose if i will use port 443 on VIP still HTTP profile required?

i am using only single public IP to VIP for all three web urls.

Kevin could you please explain why you used default {HTT::host "site1in.com" } at the end.

i hope it should be work my requirement is looks same, i will apply and update you.

appreciating your effort.

I will be incorporating a client SSL profile suppose if i will use port 443 on VIP still HTTP profile required?

Yes, you'll still need and HTTP profile on the VIP to be able to use the above iRule.

could you please explain why you used default {HTT::host "site1in.com" } at the end.

It was a guess. It's always good to include a "default" condition in a switch, so I guessed at what you'd want if the host name didn't match any of the previous tests.

Kevin meant

HTTP::host "site1in.com"

not

HTT::host "site1in.com"

Hello, Kevin good afternoon.

I have prepared iRule below, could you please verify will work or not?

when HTTP_REQUEST { if {[string tolower [HTTP::host]] equals "site1ex.com"} { HTTP::redirect "http://site1in.com" }

   elseif {[string tolower [HTTP::host]] equals "site2ex.com"} {
    HTTP::redirect "http://site2in.com"
 } 

elseif { [string tolower [HTTP::host]] equals "site3ex.com"} {
HTTP::redirect "http://site3in.com"
}
 }

i am not sure but i hope it should also work as its if condition only.

Hi Raj_Kumar,

it will work, but I would recommend to change the syntax slightly, so that you execute the

[string tolower]

HTTP_REQUEST

when HTTP_REQUEST { 
    set low_host [string tolower [HTTP::host]]
    if { $low_host equals "site1ex.com" } then { 
        HTTP::redirect "http://site1in.com" 
    } 
    elseif { $low_host equals "site2ex.com" } then {
        HTTP::redirect "http://site2in.com"
    } 
    elseif { $low_host equals "site3ex.com" } then {
        HTTP::redirect "http://site3in.com"
    }
}

Cheers, Kai

You may also want to add an else condition, unless you're certain that all requests will contain one of these three host names.

no no no Kevin all request will not contain one of these three host names. I just asked about the else rule that is this correct or not might be I am wrong. the hostname is defined, which will redirect to whom like below.

https://site1Ex.com --> http://site1in.com https://site2Ex.com --> http://site2in.com https://site3Ex.com --> http://site3in.com

request should be like above. and all external web URLs (https://site1ex.com .....) will use a common Virtual server.

and all internal web urls having below IP address site1in.com-> 10.10.10.1, site2in.com ->10.10.10.2, site3in.com ->10.10.10.3

then where we will assign these ip address ? so external traffic will goto internal web urls. how it will deside? is need pool member or not?

no no no Kevin all request will not contain one of these three host names. I just asked about the else rule that is this correct or not might be I am wrong. the hostname is defined, which will redirect to whom like below.

https://site1Ex.com --> http://site1in.com https://site2Ex.com --> http://site2in.com https://site3Ex.com --> http://site3in.com

request should be like above. and all external web URLs (https://site1ex.com .....) will use a common Virtual server.

and all internal web urls having below IP address site1in.com-> 10.10.10.1, site2in.com ->10.10.10.2, site3in.com ->10.10.10.3

then where we will assign these ip address ? so external traffic will goto internal web urls. how it will deside? is need pool member or not?

Hi Ray_Kumar,

I belive you don't want the request for https://site1Ex.com to become just HTTP redirected to isn't it?

Is the scenario you're trying to achive a classical reverse proxy setup, where...

1. The external client would request https://site1ex.com
2. The external client would hit your F5
3. The F5 has to rewrite the HTTP host name from site1ex.com to site1in.com
4. The F5 has to forward the request to 10.10.10.1:443 using site1in.com as host name
5. The F5 has to forward the responses back to your client, while replacing any hints of site1in.com to site1ex.com

Cheers, Kai