28-Mar-2022 14:00
Traffic arrives at an existing VIP www.mycompany.com/pay1
When the URI is pay1, I have to send a connection to an external web site
"*pay1" {
set dest_host [RESOLV::lookup @8.8.8.8 "www.externalsite.com"]
}
HTTP::uri "/merchant.jsp"
}
HTTP::header replace host $dest_host
node $dest_host 443
External site recently changed their process to no longer allow IP address connections, the issue
is that I cannot figure out how to forward the required traffic to the external site via the irule.
I think that this is how the F5 is sending the external traffic, and this gives me an error.
curl --header 'Host: www.externalsite.com' https://192.168.1.1/merchant.jsp
THis works as expected via curl
curl -kv https://www.externalsite.com/merchant.jsp
Any bright ideas how to modify the irule to allow the connection as per the bottom section?
Tried this and it didn't work
HTTP::header replace host www.externalsite.com
node $dest_host 443
do not want to hardcode the IP's in the irule.
30-Mar-2022 05:21
I think that this is how the F5 is sending the external traffic, and this gives me an error.curl --header 'Host: www.externalsite.com' https://192.168.1.1/merchant.jsp
What kind of error do you receive?
I guess you have to provide hostname not only in host header but in TLS SNI field too. SNI extention allows server to show proper certificate depends on target hostname.
Here you can find the IRULE to inject SNI into server-side connection https://support.f5.com/csp/article/K41600007