Forum Discussion

raj_Kumar_19166's avatar
raj_Kumar_19166
Icon for Nimbostratus rankNimbostratus
Feb 09, 2016

we have 3 external web urls which will come on our frontend f5 and redirect to internal web urls and use as a revers proxy

we have 3 external web urls which will come on our frontend f5 and redirect to internal web urls and use as a revers proxy   https://site3Ex.com   should redirect to   http://site3In.c...
application delivery
BIG-IP
iRules
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Feb 09, 2016

It's interesting how often this comes up, and the most important thing to understand here is the (potentially incorrect) use of the term "redirect". In HTTP-speak, and equally in BIG-IP iRules, a redirect is a flow control command. Given a typical reverse proxy configuration, where a client request flows through the proxy to the server, a redirect inserted at the proxy causes a preempt response back to client without passing traffic to the server. I'm assuming that's not what you want.

So based on your description, there are at least three requirements:

  1. Terminate the client side SSL and pass server side HTTP unencrypted
  2. Parse HTTP requests
  3. Modify the HTTP Host request header

The first is accomplished by incorporating a client SSL profile. The second is accomplished via attached HTTP profile. And the third can be a fairly straight forward iRule. I'm assuming here that all three external URLs are coming to the same virtual server and iRule.

when HTTP_REQUEST {
    switch [string to lower [HTTP::host]] {
        "site1ex.com" {
            HTTP::host "site1in.com"
        }
        "site2ex.com" {
            HTTP::host "site2in.com"
        }
        "site3ex.com" {
            HTTP::host "site3in.com"
        }
        default {
            HTT::host "site1in.com"
        }
    }
}