
mj_almassud_136
Oct 31, 2013

Web Access By Replacing host

Hi all,

I have an iRule that I am trying to use like this:

In the browser you type in the URL like https://www.CompanyDomain.com/Branch1 and this URL should remain the same in the browser address bar, but the actual web site that the bigip should access is something like http://Server.InternalCompanyDomain.com:1034/App1.web/vDir/Branch1.html.

I tried changing the iRule in every way that I thought would work, but so far no love. Here's the iRule:

iRule Starts

when HTTP_REQUEST {
    switch -glob [HTTP::uri] {
        "/Branch1" {
            SSL::disable serverside
            HTTP::uri "/App1.web/vDir/Branch1.html"
            HTTP::header replace Host "http://Server1.InternalCompanyDomain.com:1034"
        }
        "/Branch2*" {
            SSL::disable serverside
            HTTP::uri "/App2.web/vDir/Branch2.html"
            HTTP::header replace Host "http://Server2.InternalCompanyDomain.com:1035"
        }
        "/Branch3" {
            SSL::disable serverside
            HTTP::uri "/App3.web/vDir/Branch3.html"
            HTTP::header replace Host "http://Server3.InternalCompanyDomain.com:1036"
        }
        default {
            # don't do anything...
        }
    }
}

iRule Ends

Any help with this is greatly appreciated.

MJ

6 Replies

  • A few things to consider:

     

    1. You don't need SSL::disable serverside if all traffic to the pool is port HTTP. Just don't apply a server SSL profile.

       

    2. The host name of the server should not include the protocol, so it would just be HTTP::header replace Host "server3.internalcompanydomain.com:1036"

       

    3. It also looks like you're going to servers on different ports, so you either need a node command to send traffic to a specific node and port, or create a pool for each server and use the pool command.

       

    4. Your branch condition for Branch2 suggests that you're looking for anything that starts with "/Branch2", but then you're ignoring any of that additional content, if any. Is that your intention?

       

    5. All of this may work to get the requests to the servers, but if the servers respond to the client with object references with their real paths, you may run into other problems.

       

  • Kevin,

     

    You guys are pros in iRules and I am not even a beginner, so please take it easy on me :)

    So I guess I should ask the question differently to save everybody's time.

    So what is the correct way (iRule) to allow a connection to an external URL that remains the same in the browser while BigIP accesses a different one in the back-end:

    These are examples:

     

    https://www.CompanyExternalDomain.com/App1.web/vDir/Branch1 BigIP in the back-end Connects to http://Server1.CompanyInternalDomain.com:1034/App1.web/vDir/Branch1

     

    https://www.CompanyExternalDomain.com/App2.web/vDir/Branch2 BigIP in the back-end Connects to http://Server2.CompanyInternalDomain.com:1035/App2.web/vDir/Branch2

     

    https://www.CompanyExternalDomain.com/App3.web/vDir/Branch3 BigIP in the back-end Connects to http://Server3.CompanyInternalDomain.com:1036/App3.web/vDir/Branch3

     

    Not to mention that I was told that there's a bug in OS build 11.2.0 hot fix 7 and I am not really sure what to do about it, but I have a case open with F5 support for that.

     

    This iRule is needed for a past due project and it's on hold and will remain until I get this iRule in place and functional, so I really need help with it.

     

    Thanks in advance.

     

    MJ

     

  • Okay, let's start with something simple and work from there. But first, I'd like to point out that the samples from your first post are different than your second. In the first post you indicated that the client would be using a shorter URI that started with "/Branch1" and that you'd need to rewrite that to a longer internal URI (/App1.web/vDir/Branch1). So this is how that version might look:

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::uri]] {
            "/branch1*" {
                HTTP::header replace Host "Server1.CompanyInternalDomain.com:1034"
                HTTP::uri "/App1.web/vDir/Branch1"
                pool branch1_pool
            }
            "/branch2*" {
                HTTP::header replace Host "Server2.CompanyInternalDomain.com:1035"
                HTTP::uri "/App2.web/vDir/Branch2"
                pool branch2_pool
            }
            "/branch3*" {
                HTTP::header replace Host "Server3.CompanyInternalDomain.com:1036"
                HTTP::uri "/App3.web/vDir/Branch3"
                pool branch3_pool
            }
        }
    }

    In your second post, it appears the incoming URI is the same as internal URI, in which case you wouldn't have to do any URI translation. Here's what that might look like:

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::uri]] {
            "/app1.dev/vdir/branch1*" {
                HTTP::header replace Host "Server1.CompanyInternalDomain.com:1034"
                pool branch1_pool
            }
            "/app2.dev/vdir/branch2*" {
                HTTP::header replace Host "Server2.CompanyInternalDomain.com:1035"
                pool branch2_pool
            }
            "/app3.dev/vdir/branch3*" {
                HTTP::header replace Host "Server3.CompanyInternalDomain.com:1036"
                pool branch3_pool
            }
        }
    }

    In this case we're only evaluating the request URI and not changing it. In both cases you're changing the HTTP Host header and then sending the request to a specific pool. Again, the port number in the Host header suggests that the server is listening on this special port, so you either need to issue a node command to send the request to a specific node IP and port, or create separate pools for each application/port instance. It also doesn't appear that any back end service is using SSL, so you probably don't need a server SSL profile or the SSL::disable serverside command.

    And last, if the first version is what you need (with URI translation), this should all work unless the server returns payload that contains references to the internal URI path. This may or may not be an issue, so no need to jump into troubleshooting steps just yet.

    "Not to mention that I was told that there's a bug in OS build 11.2.0 hot fix 7 and I am not really sure what to do about it, but I have a case open with F5 support for that."

    Can you elaborate on this?
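
Points 4 and 5 of the first reply and the closing caveat of this one, as an added example that is not part of the thread: the request keeps whatever followed the public prefix, and redirects from the back end are mapped back to the public host and path so the internal names do not reach the client. Pool names are the ones used in the reply; the variable names, the exact-prefix matching and the `Location` rewrite are assumptions, and response bodies are not rewritten.

```tcl
# Added example, not code from the thread. Pool names are the ones used in
# the reply above; the prefix handling and response rewrite are assumptions.
when HTTP_REQUEST {
    set public_host [HTTP::host]
    set int_host ""
    # Match the path only; "/branch1" and "/branch1/*" do not catch "/branch10".
    switch -glob [string tolower [HTTP::path]] {
        "/branch1" - "/branch1/*" {
            set ext_base "/Branch1"
            set int_base "/App1.web/vDir/Branch1"
            set int_host "Server1.CompanyInternalDomain.com:1034"
            pool branch1_pool
        }
        "/branch2" - "/branch2/*" {
            set ext_base "/Branch2"
            set int_base "/App2.web/vDir/Branch2"
            set int_host "Server2.CompanyInternalDomain.com:1035"
            pool branch2_pool
        }
        "/branch3" - "/branch3/*" {
            set ext_base "/Branch3"
            set int_base "/App3.web/vDir/Branch3"
            set int_host "Server3.CompanyInternalDomain.com:1036"
            pool branch3_pool
        }
        default {
            # Unmapped paths keep their original Host and URI.
            return
        }
    }
    # Carry over whatever followed the public prefix, query string included.
    set rest [string range [HTTP::uri] [string length $ext_base] end]
    HTTP::header replace Host $int_host
    HTTP::uri "${int_base}${rest}"
}

when HTTP_RESPONSE {
    # Redirects are where the internal host and path most often leak.
    if { $int_host ne "" && [HTTP::header exists Location] } {
        set map [list "http://$int_host" "https://$public_host" $int_base $ext_base]
        HTTP::header replace Location [string map -nocase $map [HTTP::header value Location]]
    }
}
```
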

  • Kevin,

     

    You have no idea how much I appreciate you taking the time to respond to my post. Please disregard the bug thing, because this is being dealt with by F5 support right now, so the iRule is the main issue here.

    Is there a way for me to send you a private email so that I can use actual URLs / URIs so that you better understand the issue?

     

    Thank you so much.

     

    MJ

     

    • Kevin_Stewart
      You can private message me in this system by clicking on my name.
  • Kevin,

     

    Our group is running out of time and decided to go with iRule on demand service to get this done sooner, but I really appreciate you taking the time helping with this issue.

     

    MJ