
f5 reverse proxy to remove ports in URI

ccmoore
Nimbostratus

Hello,

I have two containers running on an internal docker host. Two apps presenting on two ports: 9445 and 42828.

I have one domain testws02.usneeded.com.

To hit the containers now we have to go to testws02.usneeded.com:9445 or testws02.usneeded.com:42828.

I need to be able to go to testws02.usneeded.com/v9/ or testws02.usneeded.com/v10/ (not sure if the last / is required).

I've attempted to use the rewrite profile feature in F5 LTM 12.1.5; however, it seems to only work for one of them, the other isn't working.

How would you guys do this?

5 REPLIES

Michael_Saleem
Cirrocumulus

You could try using a local traffic policy:

testws02.usneeded.com/v9   =>  testws02.usneeded.com:9445
testws02.usneeded.com/v10  =>  testws02.usneeded.com:42828

Replace <NODE IP> with the actual IP of the back-end server.
create ltm policy Drafts/POLICY-REWRITE-TESTWS02.USNEEDED.COM strategy all-match rules add { v9 { ordinal 0 conditions add { 0 { http-host host equals values { testws02.usneeded.com } } 1 { http-uri path starts-with values { /v9 } } } actions add { 0 { http-uri replace value / } 1 { forward select node <NODE IP>:9445 } } } v10 { ordinal 1 conditions add { 0 { http-host host equals values { testws02.usneeded.com } } 1 { http-uri path starts-with values { /v10 } } } actions add { 0 { http-uri replace value / } 1 { forward select node <NODE IP>:42828 } } } }

publish ltm policy Drafts/POLICY-REWRITE-TESTWS02.USNEEDED.COM

modify ltm virtual <VS NAME> policies add { POLICY-REWRITE-TESTWS02.USNEEDED.COM }

 

CA_Valli
MVP

Client traffic comes on port :XXXXX already, or is it HTTP(S) on the standard port with the /vXX URI?
Does your backend server require the GET request to have the port specified?

If you have only one virtual server, I'd configure two pools - one for port 42828 and one for port 9445 - and use a simple iRule (something like the following) to route traffic accordingly:

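when HTTP_REQUEST {
  # Requests with any other Host header leave this rule here; no pool is selected by it
  if {[string tolower [HTTP::host]] ne "testws02.usneeded.com"} { return }
  # First arm whose regex matches the start of the URI wins (case-sensitive);
  # the pool command only picks the destination, the URI is forwarded unchanged
  switch -regex [HTTP::uri] {
    ^\/v9\/   { pool p_testws02_9445 }
    ^\/v10\/  { pool p_testws02_42828 }
    default   { pool p_testws02_http }
  }
}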

 

 

 

What pool is the default pool then? Do you mean have 3 pools?

You should specify a default statement that matches connections that don't meet previous criteria. The action can be anything you want - you can load balance it or you can drop it if that's the best option for you.

Thanks for clarifying. 

 

when HTTP_REQUEST {
  if {[string tolower [HTTP::host]] ne "testws02.usneeded.com"} { return }
  switch -regex [HTTP::uri] {

 

 

Can you help me to understand what's happening on the switch -regex line? I'm asking because I'm getting 401s and wondering if the issue is there. It seems that there may be some header information not being forwarded of some sort.

I'm getting this error:

traceId: "43e5abc0-1e8d-41bd-b369-49bfab8de3c7"
code: 401
description: "Authorization failure. Authorization information was invalid or missing from your request."
message: "Unauthorized"
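
Added example, not part of any reply in this thread: a small Python model of the iRule's host check and `switch -regex` arms, run over constructed requests, showing which pool each URI selects and what URI the pool member receives. `route_strip_prefix` is a hypothetical variant that assumes the containers serve their applications from `/`.

```python
import re

EXPECTED_HOST = "testws02.usneeded.com"
# (pattern, pool) pairs copied from the iRule's switch arms; Tcl's `\/` is a plain `/`.
ROUTES = [
    (re.compile(r"^/v9/"), "p_testws02_9445"),
    (re.compile(r"^/v10/"), "p_testws02_42828"),
]
DEFAULT_POOL = "p_testws02_http"


def route(host, uri):
    """Model the iRule: return (pool, URI forwarded to the pool member).

    pool is None when the rule returns early and the virtual server's own
    default pool applies.
    """
    if host.lower() != EXPECTED_HOST:
        return None, uri
    for pattern, pool in ROUTES:
        # `switch -regex` takes the first arm whose pattern matches, case-sensitively.
        if pattern.search(uri):
            return pool, uri  # `pool` only picks a destination; the URI is untouched
    return DEFAULT_POOL, uri


def route_strip_prefix(host, uri):
    """Hypothetical variant: also remove the /v9 or /v10 prefix before forwarding."""
    pool, _ = route(host, uri)
    if pool in (None, DEFAULT_POOL):
        return pool, uri
    return pool, re.sub(r"^/v(?:9|10)(?=/)", "", uri, count=1)


# Constructed sample requests (Host header, request URI).
SAMPLES = [
    ("testws02.usneeded.com", "/v9/api/items?id=1"),
    ("TESTWS02.usneeded.com", "/v10/login"),
    ("testws02.usneeded.com", "/v9"),         # no trailing slash
    ("testws02.usneeded.com", "/V10/login"),  # upper-case path
    ("other.example", "/v9/api"),             # different Host header
]

if __name__ == "__main__":
    for host, uri in SAMPLES:
        print(f"{host:24} {uri:22} as posted: {route(host, uri)}  "
              f"stripped: {route_strip_prefix(host, uri)}")
```

With the arms as posted, `/v9` without the trailing slash and `/V10/login` both fall through to the default pool, and a matched request still reaches the container with its `/v9/...` or `/v10/...` path.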
