cancel
Showing results for 
Search instead for 
Did you mean: 

http redirect mask

cymru81
Altocumulus
Altocumulus

Hi, we have a site eg. abc.host.com that comes in and gets redirected to http://def:8080/123/456 (an internal box). I have applied the following irule to do this:

 

when HTTP_REQUEST {

 

HTTP::redirect "http://def:8080/123/456"

 

}

 

This works fine just the end user sees "http://def:8080/123/456" in their address bar. Is there anyway to change this so they see http://abc.host.com ?

 

Thanks

 

15 REPLIES 15

Konsta_129111
Nimbostratus
Nimbostratus
There was one example of reverse proxy in code samples, try to check there.

cymru81
Altocumulus
Altocumulus

thanks for that, i am new to all this so could you provide a link or example if possible?

 

Syafiq_89483
Cirrus
Cirrus

thanks for that, i am new to all this so could you provide a link or example if possible?

 

maybe this one?

 

https://devcentral.f5.com/questions/http-redirect-1130

 

cymru81
Altocumulus
Altocumulus

thanks, my re-direct works perfect, its just i dont want the re-directed URL shown in the address bar, just the source URL, if that makes sense?

 

Syafiq_89483
Cirrus
Cirrus

thanks, my re-direct works perfect, its just i dont want the re-directed URL shown in the address bar, just the source URL, if that makes sense?

 

interesting case! but i'm not sure whether it's doable with irules or not.

 

cymru81
Altocumulus
Altocumulus

is there anyway to do this then? 🙂

 

What_Lies_Bene1
Cirrostratus
Cirrostratus

Any literal links and HTTP Location headers in the response payload will need to be rewritten if you want to do this properly. You'll also need to create a flexible redirect to cover all possible URLs and of course, if SSL is involved, it'll break. Not worth the effort as far as I'm concerned.

 

Kevin_Stewart
F5 Employee
F5 Employee

How you do this depends on a few factors.

 

  1. Is it JUST this URL or are there many to map?
  2. Does the Host header have to change to "def:8080" for the back end server to accept it?

At the very least, assuming no to both questions above, you can do something like this:

 

when HTTP_REQUEST { if { [HTTP::uri] equals "/" } { HTTP::uri "/123/456" } }

If the URI is "/", then transparently replace the URI in the request with "/123/456". If the server doesn't need the "def:8080" Host header, and since you're already load balancing to port 8080, this might work for the simplest site. Anything more complex and you have to start looking at things like ProxyPass - an iRule/datagroup combo that does mass translation from/to external/internal Hosts, URIs, and pools.

 

In any case, the HTTP::uri command silently changes the request URI inbound, so that the client never sees this in the browser.

 

cymru81
Altocumulus
Altocumulus

it is just this URL and it does need to use the specific port...?

 

Kevin_Stewart
F5 Employee
F5 Employee

it is just this URL and it does need to use the specific port...?

 

The port is already defined in the pool, so what I meant was if the server required a different Host header in the request. If you do nothing, the Host header in the request (what the server will see) will be "abc.host.com", while the server may actually need "def:8080". It's rare, but it does happen. If it doesn't care about the Host header, then you don't need to worry about it.

 

cymru81
Altocumulus
Altocumulus

Ah ok, that makes a bit more sense to me!

 

This could be incorrect, I was using a pool but I've found this isn't needed since I applied the iRule? I disabled the members of the pool to test and it still re-directs?

 

How would I write the irule in my scenario?

 

Kevin_Stewart
F5 Employee
F5 Employee

A pool is really just a layer 3/4 path to a service and has nothing to do with URIs. If you've disabled all of the members of the pool, then you shouldn't be getting to the application.

 

The HTTP::uri command simply changes the URI in the request as it passes through the proxy to the pool. The client doesn't see it.

 

The HTTP::redirect command issues an immediate 302 redirect response to the client. The Location header in this response tells the client to make a new request to the specified URL. If you issue a redirect in the iRule, traffic will not pass to the pool.

 

cymru81
Altocumulus
Altocumulus

ah ok that makes sense then. so as im using HTTP::redirect a pool is not required? just whether I can mask the redirected URL in this irule now...? 🙂

 

Kevin_Stewart
F5 Employee
F5 Employee

You cannot mask the URL in an HTTP redirect. This URL is sent to the client and must be addressable. If you want to mask the URL, then you cannot send a redirect. You would use HTTP::uri instead.

 

nitass
F5 Employee
F5 Employee

just whether I can mask the redirected URL in this irule now

 

doesn't the irule Kevin suggested work?

 

e.g.

 

configuration root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.20.111:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { myrule } source 0.0.0.0/0 source-address-translation { type automap } vs-index 2 } root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm pool foo ltm pool foo { members { 200.200.200.101:8080 { address 200.200.200.101 } } } root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm rule myrule ltm rule myrule { when HTTP_REQUEST { if { [HTTP::uri] equals "/" } { HTTP::uri "/123/456" } } } packet trace [root@ve11a:Active:Changes Pending] config ssldump -Aed -nni 0.0 port 80 or port 8080 New TCP connection 1: 172.28.20.17(35618) <-> 172.28.20.111(80) 1378628675.7572 (0.0019) C>S --------------------------------------------------------------- GET / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.20.111 Accept: */* --------------------------------------------------------------- New TCP connection 2: 200.200.200.14(35618) <-> 200.200.200.101(8080) 1378628675.7583 (0.0010) C>S --------------------------------------------------------------- GET /123/456 HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.20.111 Accept: */* ---------------------------------------------------------------