
F5 LTM - iRule that will replace the host, remove the path and send traffic to the specific pool

GwIDsON
Nimbostratus

Hi,

I have a standard VIP on port 443 with SSL client- and server-side profiles and a pool on port 443 as well.

What I need to implement on that VIP is: when the path begins with /VPC (for example https://example.com/VPC), the host name (example.com) needs to be replaced by (example2.net) and the path /VPC needs to be removed. After that, this traffic (https://example2.net/) needs to be sent to a specific pool (different from the default but also on port 443). I suppose an iRule is the best option here. Unfortunately I cannot make a simple 302 redirect...

Of course, if the URI does not begin with /VPC, the traffic needs to go to the default pool.

I found some similar cases on DevCentral; however, none of them match all the requirements.

4 REPLIES

Hi,

You can use the iRules below on your VS to achieve your requirement.

iRule 1 -

    when HTTP_REQUEST {
        # Redirect example.com/vpc... to example2.net (URI compared case-insensitively)
        if { ([HTTP::host] equals "example.com") && ([string tolower [HTTP::uri]] starts_with "/vpc") } {
            HTTP::respond 301 Location "https://example2.net"
        }
    }

iRule 2 - For pool selection

    when HTTP_REQUEST {
        # Requests arriving with Host example2.net go to the dedicated pool
        switch [HTTP::host] {
            "example2.net" { pool example2_pool }
        }
    }

You can bind these iRules to your virtual server so they will match the desired requests; the remaining requests will be forwarded to the default pool.

Hope it helps!

Mayur

Hi. I did not add that a 301 also cannot be used. My bad, sorry for that. The thing is that we cannot add a DNS entry for example2.net. So the user can only connect using example.com, and all the redirection to example2.net/ needs to be done on the F5. I hope it's possible. However, I'm not sure if there will be an issue after the user gets the response from example2.net. It's complicated 😄

Hello, please correct me if my understanding is wrong. If a user accesses example.com/vpc, you want to redirect the request to a separate pool, and the user/client should see the example2.net URL in the browser/application. And the rest of the requests should be served by the default pool.

The rest of the requests should also be sent to the pool for example2.net. I think I understand your point. For the second request there might be no VPC in the path, so a user with example.com or example2.net will be directed to the default pool. So... the user needs to see example2.net so his request can still be sent to the second pool. Correct me if I am wrong, but after the HTTP response the user will have the hostname from the web server that sent him the data - example2.net/something. Even if no redirect has been sent to him before. Then the second iRule would do its job.
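The rewrite-without-redirect behaviour asked for in this thread, as an added example that is not part of any post: the Host header and URI are changed on the F5, so the client keeps using example.com and no DNS entry for example2.net is needed. The pool name example2_pool comes from the reply above; the /VPC boundary check, the explicit default-pool selection and the Location rewriting are assumptions about the setup.

```tcl
# Added example, not from the thread. example2_pool is the pool name used in
# the reply above; everything else is an assumption about the environment.
when CLIENT_ACCEPTED {
    # Remember the virtual server's default pool for non-/VPC requests.
    set default_pool [LB::server pool]
}

when HTTP_REQUEST {
    # Reset per request: one client connection can carry many requests.
    set rewritten 0
    set lpath [string tolower [HTTP::path]]
    # Match /VPC or /VPC/..., case-insensitively, but not /VPCsomething.
    if { $lpath eq "/vpc" || $lpath starts_with "/vpc/" } {
        # Drop the 4-character prefix from the full URI (path plus query).
        set new_uri [string range [HTTP::uri] 4 end]
        # "/VPC" and "/VPC?x=1" leave no leading slash; restore it.
        if { !($new_uri starts_with "/") } {
            set new_uri "/$new_uri"
        }
        HTTP::uri $new_uri
        # The pool members see example2.net; the client still sees example.com.
        HTTP::header replace Host "example2.net"
        pool example2_pool
        set rewritten 1
    } else {
        # Select the default pool explicitly so an earlier /VPC request on the
        # same keep-alive connection does not pin later requests to example2_pool.
        pool $default_pool
    }
}

when HTTP_RESPONSE {
    # Only touch responses to requests that were rewritten above.
    if { $rewritten && [HTTP::header exists Location] } {
        set loc [HTTP::header Location]
        if { $loc starts_with "https://example2.net/" } {
            # "https://example2.net" is 20 characters; keep what follows it.
            HTTP::header replace Location "https://example.com/VPC[string range $loc 20 end]"
        } elseif { $loc starts_with "/" } {
            # Root-relative redirect: put the public prefix back.
            HTTP::header replace Location "/VPC$loc"
        }
    }
}
```

Only redirects are mapped back to the public name here. Links inside response bodies that point at example2.net, or at root-relative paths without /VPC, are not rewritten, and follow-up requests for them will not match the /VPC test.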