Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

How to Forward traffic via F5

Go to solution
RAQS
Cirrus
Cirrus

‎28-Jun-2022 10:36

Hi Team,

I need to forwrad tha traffic based on URI  from one domain to another and this should not visible in browser.

For ex:- When user hit "https://api-q.abc.com:443/lontools-java" then F5 should forward the traffic to " https://cp.api.us01a.xyz.com/qiontools-java" and user should not able to see this change in URL in browser. For user it will remain same as "https://api-q.abc.com:443/lontools-java".

Regards,
RAQS

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Dario_Garrido
MVP
MVP
In response to RAQS

‎19-Jul-2022 08:44

Hello RAQS,

Sorry for the late response, but I'm on holiday.

Taking into account your backend server is outside of your network (in Cloud), these are your chances:

1. Using redirection.

----------                                                    |--------|
| Client |---------- GET https://api-q.abc.com... ----------->|   F5   |
|        |<-- 302 Redirect (https://cp.api.us01a.xyz.com...)--|        |
----------                                                    |--------|
|--------|                                                    |--------|
| Client |------- GET https://cp.api.us01a.xyz.com... ------->| Cloud  |
|        |<---------------------- 200 OK ---------------------| Server |
|--------|                                                    |--------|

The redirection will occur transparently for the client, but the URL in the browser will change. 

2. Using rewrite profile ( + policy for selecting a different pool)

----------                                                    |--------|
| Client |---------- GET https://api-q.abc.com... ----------->|   F5   |
|        |<---------------------- 200 OK ---------------------|        |
----------                                                    |--------|
|--------|                                                    |--------|
| F5     |------- GET https://cp.api.us01a.xyz.com... ------->| Cloud  |
|        |<---------------------- 200 OK ---------------------| Server |
|--------|                                                    |--------|

The F5 will receive the query from the client and will replace the host header and URI. This implies that F5 has to reach the cloud server in order to serve the service.

If this resource requires to use of a different backend server different than the default one, you can configure a policy to change the pool (to your Cloud Server) when the URL matches "https://api-q.abc.com:443/lontools-java".

3. Using iRules (not so efficient as point 2, but also feasible)

when HTTP_REQUEST {
	if { [HTTP::host] eq "api-q.abc.com"}{
		if { [HTTP::uri] contains "lontools-java"} {
			HTTP::header replace Host "cp.api.us01a.xyz.com"
			HTTP::uri "/qiontools-java"
			pool test_pool
		}
	}
}

Using the previous iRule, the host header, the URI, and the pool will change when the condition matches.

This is simple to configure and test, but take into account that only the request packet will be replaced, if you need to modify some of the content of the cloud server, you will need to use a rewrite profile (or dig into the payload using iRules).

If this was helpful, please, don't forget to rate my answer as resolved or gimme some upvotes.

 

Regards,
Dario.

View solution in original post

13 REPLIES 13

Go to solution
Dario_Garrido
MVP
MVP

‎29-Jun-2022 00:03

Hello RAQS,

You can get this using a rewrite profile
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-12-1-0/17.h...

 

Regards,
Dario.
0 Kudos

Go to solution
RAQS
Cirrus
Cirrus
In response to Dario_Garrido

‎29-Jun-2022 02:43

Hi Dario,

Thanks for replying. Is it tested solution or do i need to test it ?

Regards,

RAQS

0 Kudos

Go to solution
RAQS
Cirrus
Cirrus
In response to RAQS

‎29-Jun-2022 04:05

Hi Dario,

I tried this but its not working. Can you please help me to get the solution.

 

Regards,

RAQS

0 Kudos

Go to solution
RAQS
Cirrus
Cirrus

‎29-Jun-2022 07:56

Hi Dario/All,

Do we have anything as HTTP :: Forward in F5 instaed of redirect.

If so what will be the difference between forward and redirect of a URL.

Please help me in acheiving this.

 

Regards,

RAQS

0 Kudos

Go to solution
Dario_Garrido
MVP
MVP

‎30-Jun-2022 02:11 - edited ‎30-Jun-2022 02:12

Hello RAQS.

There are many examples of dealing with reverse proxy solutions in DC.
For example, with iRule you can do something like this:
https://community.f5.com/t5/technical-forum/simple-reverse-proxy-with-irules/m-p/226860

But take into account that, depending on your application, you could need to replace the hostname in the REQUEST and the RESPONSE (location header). That's the reason I prefer to use a rewrite profile instead.

 

Regards,
Dario.
0 Kudos

Go to solution
RAQS
Cirrus
Cirrus
In response to Dario_Garrido

‎01-Jul-2022 11:28

Thanks for your time and Parience Dario. So i applied http rewrite policy, but when i apply it site goes down.

There are some dynamic values in URI. Is that making any differences ?

 

Regards,

Raqs

0 Kudos

Go to solution
Dario_Garrido
MVP
MVP
In response to RAQS

‎02-Jul-2022 01:35

Hello RAQS. 

It's hard to know what is failing because each website is completely different.

Your chance is to use iRules to troubleshoot what is being rewritten and what not.

Capturing traffic with tcpdump + decrypting ssl (https://support.f5.com/csp/article/K12783074) is always a great deal.

 

Regards,
Dario.
0 Kudos

Go to solution
RAQS
Cirrus
Cirrus
In response to Dario_Garrido

‎02-Jul-2022 04:14

Hi Dario,

Really appreciate your time and patience with me. Thanks for all your effort. I took capture and what i oserved that F5 is rewriting host but it is communicating to backend member instead of redirecting. 

WIth Irule it is not communicating with backend member. 

Note :- Rediected URL is not hosted in F5. Its in AWS.

Do i need to do some modifucation in rewrite policy or this can not be possible with F5 ?

0 Kudos

Go to solution
Dario_Garrido
MVP
MVP
In response to RAQS

‎09-Jul-2022 01:09

Hello RAQS. 

I think you are mixing concepts. 

  • Redirecting (302 response) - it points the client to a new website, this access is not masked, the client will see the new URL in him/her browser. 
  • Rewriting (200 response) - the F5 manage both flows of the connection and the access is completely masked.

 

Regards,
Dario.
0 Kudos

Go to solution
RAQS
Cirrus
Cirrus
In response to Dario_Garrido

‎11-Jul-2022 05:53

Hi Dario,

 

Yeah i understand the difference between two concepts. May be i am not able to express my query in narritive way. let me give another try. 

user hit "https://api-q.abc.com:443/lontools-java" then F5 should forward the traffic to " https://cp.api.us01a.xyz.com/qiontools-java" and user should not able to see this change in URL in browser. For user it will remain same as "https://api-q.abc.com:443/lontools-java".

with "rewrite" option it seems cp.api.us01a.xyz.com need to be on default pool of LB VIP. But here the situtaion is that this URL is hosted on Cloud. So i am using below iRule to get this done.

when HTTP_REQUEST {
if { [HTTP::host] eq"api-q.abc.com"}{
if { [HTTP::uri] contains "lontools-java/"} {
HTTP::header replace Host "cp.api.us01a.xyz.com[HTTP::uri]"
pool test_pool
}

}
}
In test_pool, i have defined the IP of URL "cp.api.us01a.xyz.com" and made the connectivity between self ip and IP of new URL (cp.api.us01a.xyz.com). Do you think will this work ? I am yet to test as need couple of approval to allow F5 to communicate with Cloud , tough it doesnt seems to best pratice to me.

 

Regards,

RAQS

0 Kudos

Go to solution
RAQS
Cirrus
Cirrus
In response to RAQS

‎13-Jul-2022 08:59

Hi Dario,

Did you get chance to look above explanation. It will be very helpful for me to get this done. I really appreacite your time and dedication so far.

Regards,

RAQS

0 Kudos

Go to solution
RAQS
Cirrus
Cirrus
In response to RAQS

‎18-Jul-2022 08:34

Hi Dario/Team,

Can you please help me and correct if my suggested solution is correct or not.

Regards,

RAQS

0 Kudos

Go to solution
Dario_Garrido
MVP
MVP
In response to RAQS

‎19-Jul-2022 08:44

Hello RAQS,

Sorry for the late response, but I'm on holiday.

Taking into account your backend server is outside of your network (in Cloud), these are your chances:

1. Using redirection.

----------                                                    |--------|
| Client |---------- GET https://api-q.abc.com... ----------->|   F5   |
|        |<-- 302 Redirect (https://cp.api.us01a.xyz.com...)--|        |
----------                                                    |--------|
|--------|                                                    |--------|
| Client |------- GET https://cp.api.us01a.xyz.com... ------->| Cloud  |
|        |<---------------------- 200 OK ---------------------| Server |
|--------|                                                    |--------|

The redirection will occur transparently for the client, but the URL in the browser will change. 

2. Using rewrite profile ( + policy for selecting a different pool)

----------                                                    |--------|
| Client |---------- GET https://api-q.abc.com... ----------->|   F5   |
|        |<---------------------- 200 OK ---------------------|        |
----------                                                    |--------|
|--------|                                                    |--------|
| F5     |------- GET https://cp.api.us01a.xyz.com... ------->| Cloud  |
|        |<---------------------- 200 OK ---------------------| Server |
|--------|                                                    |--------|

The F5 will receive the query from the client and will replace the host header and URI. This implies that F5 has to reach the cloud server in order to serve the service.

If this resource requires to use of a different backend server different than the default one, you can configure a policy to change the pool (to your Cloud Server) when the URL matches "https://api-q.abc.com:443/lontools-java".

3. Using iRules (not so efficient as point 2, but also feasible)

when HTTP_REQUEST {
	if { [HTTP::host] eq "api-q.abc.com"}{
		if { [HTTP::uri] contains "lontools-java"} {
			HTTP::header replace Host "cp.api.us01a.xyz.com"
			HTTP::uri "/qiontools-java"
			pool test_pool
		}
	}
}

Using the previous iRule, the host header, the URI, and the pool will change when the condition matches.

This is simple to configure and test, but take into account that only the request packet will be replaced, if you need to modify some of the content of the cloud server, you will need to use a rewrite profile (or dig into the payload using iRules).

If this was helpful, please, don't forget to rate my answer as resolved or gimme some upvotes.

 

Regards,
Dario.
Copyright © 2023 Khoros, LLC