Nari
Jun 07, 2016

We have an external web url which will come on our frontend f5 VIP but server is responding to the external passing the F5, needs to route back to F5

We have an external web url which will come on our frontend f5 VIP and redirect to internal pools, but the pool is currently responding to the actual source instead of F5 VIP due to HTTP header embedded to go through the proxy. Due to the TLS issue we have to modify this and the requirement is that the backend pool should respond to F5 VIP instead of responding directly to proxy.

 

Currently the setup is like this ---> F5 VIP --> Backend Pool --->https://abcd.com

 

Requirement is:

 

---> F5 VIP --> Backend Pool --->F5 VIP ---> https://abcd.com

 

The backend pool/server certificate and https://abcd.com are not compatible with TLS and hence wanted to route the traffic from backend pool to F5 VIP to fix the SSL issue.

 

How do we modify the original abcd.com HTTP header so that the backend pool will not respond directly and needs to respond to actual VIP, like a full-proxy?

 

Thanks, Kalpa

 

2 Replies

  • As long as you have the routes on the pool members pointing to the F5, it should go through the F5. I am assuming that the default routes on the pool members are pointing to some other router. In this case, you can add a SNAT pool or SNAT Automap to force response traffic to go through the F5.

     

  • Domain masking:

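    # Request side: rewrite the Host header sent to the pool (abcd.com -> xyz.com)
    when HTTP_REQUEST {
        if { [HTTP::host] contains "abcd.com" } {
            # HTTP::header replace sets the header value
            HTTP::header replace Host [string map {abcd.com xyz.com} [HTTP::host]]
        }
    }

    # Response side: map redirects from the pool back to the public name (xyz.com -> abcd.com)
    when HTTP_RESPONSE {
        if { [HTTP::header values Location] contains "xyz.com" } {
            HTTP::header replace Location [string map {xyz.com abcd.com} [HTTP::header value Location]]
        }
    }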