
iRule direct traffic to external site

JohnMoody
Nimbostratus

Traffic arrives at an existing VIP  www.mycompany.com/pay1

When the URI is pay1, I have to send a connection to an external web site 

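# Event and switch wrapper assumed; the post shows only the matching branch
when HTTP_REQUEST {
    switch -glob [HTTP::uri] {
        "*pay1" {
            # Resolve the external site's address at request time
            set dest_host [RESOLV::lookup @8.8.8.8 "www.externalsite.com"]
            HTTP::uri "/merchant.jsp"
            # Host header is set to the resolved IP address
            HTTP::header replace host $dest_host
            node $dest_host 443
        }
    }
}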

 

The external site recently changed their process to no longer allow IP address connections. The issue
is that I cannot figure out how to forward the required traffic to the external site via the iRule.

I think that this is how the F5 is sending the external traffic, and this gives me an error.

curl --header 'Host: www.externalsite.com' https://192.168.1.1/merchant.jsp

This works as expected via curl:

curl -kv https://www.externalsite.com/merchant.jsp

Any bright ideas how to modify the irule to allow the connection as per the bottom section?

Tried this and it didn't work

HTTP::header replace host www.externalsite.com
node $dest_host 443

Do not want to hardcode the IPs in the iRule.

 

1 REPLY

MaximP
Cirrus
I think that this is how the F5 is sending the external traffic, and this gives me an error.

curl --header 'Host: www.externalsite.com' https://192.168.1.1/merchant.jsp

What kind of error do you receive?

I guess you have to provide the hostname not only in the Host header but in the TLS SNI field too. The SNI extension allows the server to show the proper certificate depending on the target hostname.

Here you can find the iRule to inject SNI into the server-side connection: https://support.f5.com/csp/article/K41600007
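
The change this reply points to, as an added example (not code from either post or from the linked F5 article): the Host header keeps the hostname, the connection still goes to the address resolved at request time, and the same name is inserted as the SNI `server_name` extension in the server-side ClientHello. It assumes a server SSL profile is attached to the virtual server; the variable names `ext_host`, `dest_ip` and `sni_value` and the 502 response are illustrative choices.

```tcl
when HTTP_REQUEST {
    switch -glob [HTTP::uri] {
        "*pay1" {
            # Hostname from the original post; reused for DNS, Host and SNI
            set ext_host "www.externalsite.com"
            # RESOLV::lookup can return several addresses; take the first
            set dest_ip [lindex [RESOLV::lookup @8.8.8.8 $ext_host] 0]
            if { $dest_ip eq "" } {
                # Fail closed instead of falling through to the default pool
                HTTP::respond 502 content "Upstream lookup failed"
                return
            }
            HTTP::uri "/merchant.jsp"
            # Host header carries the name, not the resolved IP
            HTTP::header replace Host $ext_host
            # Remembered for the server-side TLS handshake below
            set sni_value $ext_host
            node $dest_ip 443
        }
        default {
            # Later requests on a keep-alive connection must not reuse
            # the external name in their own server-side handshakes
            unset -nocomplain sni_value
        }
    }
}

when SERVERSSL_CLIENTHELLO_SEND {
    # Add SNI only for requests that were steered to the external site
    if { [info exists sni_value] } {
        set len [string length $sni_value]
        # server_name extension (RFC 6066), big-endian fields:
        #   extension type 0 | extension length | server name list length |
        #   name_type 0 (host_name) | name length | name
        SSL::extensions insert [binary format SSScSa* 0 [expr {$len + 5}] [expr {$len + 3}] 0 $len $sni_value]
    }
}
```

The curl equivalent of what this sends is `curl --resolve www.externalsite.com:443:<ip> https://www.externalsite.com/merchant.jsp`, which sets both SNI and Host to the name while connecting to a chosen address.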