Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Irule Vs rewrite - FQDN hostname

Mr__T
Cirrus
Cirrus

Hi All,

New to IRules, and rewrites. 

Clients will type appname.domain.com, I need to redirect to another URL (working via IRule) that the server understands but keep the friendly name appname.domain.com in the browser post every response. Protocol is https already E3E. T

Your help is appreciated.

 

when HTTP_REQUEST {
if { [HTTP::host] equals "appname.domain.com"} {
if { [HTTP::path] equals "/" } {
HTTP::redirect "https://longappname.com:port/something/something /something/etc/etc/etc.html"
}
}

19 REPLIES 19

Paulius
MVP
MVP

@Mr__T So a few things stand out to me. First is that you don't want a redirect you would like a rewrite but in your rewrite it looks like you want to add on a port at the end of the host which shouldn't be necessary because your pool member should be listening on that port already. The last is whenever they hit just "/" as the URI do you want to redirect them to a specific path? So as an example of how I believe this works.

User requests https://appname.domain.com/
F5 responds with a redirect to https://appname.domain.com/something/something/something/etc/etc/etc.html
User now requests https://appname.domain.com/something/something/something/something/etc/etc/etc.html
F5 rewrites appname.domain.com to longappname.com
F5 sends request to server on https://longappname.com/something/something/something/etc/etc/etc.html
Response comes back from server and F5 rewrites longappname.com to appname.domain.com
F5 sends response back to client for https://appname.domain.com/something/something/something/etc/etc/etc.html

If for some reason I did not understand this correctly can you provide additional information as to how it has to function?

Hi @Paulius,

The long URL is what the app has hardcoded and will only respond to that URL. So my goal was to make sure the client only sees the frienly name after the redirects happen. I tried rewrite policies but the IRule seems to be the way to go. The redirect to he long URL works fine, but they dont want to see the servername rather FQDN. 

Does this make sense?

Hi @Paulius 

 

Thanks for the reply. 

When i tried the re-write it did not work as exected. 

User request https://FQDN

The backend server/pool member is expecting https://servername:port/something/something. and wont respond to https://FQDN

I need the browser to always return https://FQDN and not the https://Servername

Does this make sense?

@Mr__T If your pools have multiple pool members I do not believe this will be possible because you will require mapping a single FQDN to multiple server names depending on the pool member that you are sent to. Your best bet here would be to work with the server/app admins to see if they have a way of changing what they expect for the host and path. Typically all of this can be done at the server level instead of performing a bandaid at the F5 which in some cases such as yours will not work because of the single FQDN to many names issue.

Only 1 server in the pool. We tried to get the app owners to correct this at the application but they could not.

So the server is expecting https//:servername:8443/etc/ etc/etc/landingpage. Cosmetically, the app owner does not want to see unfriendly name. 

 

@Mr__T The following is the base iRule and you can continue to add on additional "elseif" to this to account for additional applications and change the port "8080" to the respective port.

when HTTP_REQUEST priority 500 {

    if {[string tolower [HTTP::host]] == "example.com"} {
        HTTP::host [string map {"example.com" "servername.example.com:8080"}[HTTP::host]]
    }

}

 

HTTP::redirect will effectively redirect the client to the new location, and will change the url in the browser. What you need is to replace the host header in the pool side of the connection as described here https://clouddocs.f5.com/api/irules/HTTP__host.html

when HTTP_REQUEST {

   # Check if requested host doesn't start with www.example.com
   if {not ([string tolower [HTTP::host]] starts_with "www.example.com")}{

      # Replace the host header value with newhost.example.com
      HTTP::header replace Host "newhost.example.com"
   }
}

And to replace the path with another path without redirection, this is described here https://my.f5.com/manage/s/article/K02027845 :

when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/sometext" } {
        set uri [string map -nocase {"/sometext" "/newtext"} [HTTP::uri]]
        HTTP::uri $uri
    }
}

 

Hi @Amine_Kadimi 

Would I create 2 separate irules? 

Sorry for the ambiguous reply. No you can do it with one iRule and one when HTTP_REQUEST block containing all the replacement logic you need. 

Two iRules can work too but there is no need to go this way in your case. 

Ok copy. Let me try and report back. 

One last thing, there is a port needed for the pool side connection

Below is what I have in 1 irule. Fails because the backend server is expecting---https://ServerName.Domain.com:8443/etc/bc/ui5_ui5/ui2/ushell/shells/abap/something.html"

But I want the client browser to have the below once the server completes its jobs post request. 

https://FQDN/etc/bc/ui5_ui5/ui2/ushell/shells/abap/something.html

Hope this makes sense. 

when HTTP_REQUEST {

# Check if requested host doesn't start with www.example.com
if {not ([string tolower [HTTP::host]] starts_with "https://FQDN/")}{

# Replace the host header value with newhost.example.com
HTTP::header replace Host "https://ServerName.Domain.com:8443/"

if { [HTTP::uri] starts_with "/" } {
set uri [string map -nocase {"/" "/etc/bc/ui5_ui5/ui2/ushell/shells/abap/something.html"} [HTTP::uri]]
HTTP::uri $uri
}
}
}

You don't need to specify https nor the port on the host header, cause those are specified elsewhere, https is by using a ssl servers profile and the port is at the pool member.

Alsop testing if uri starts with / is useless since all uris stars with /. 

If I understand correctly your requirement, why not first redirecting user to target path, then doing just the host replacement. 

Something like this that :

when HTTP_REQUEST {
if { [HTTP::uri] equals "/"}
 {
    HTTP::redirect "https://[HTTP::host]/your/full/path/something.html"
 }
else {
     HTTP::header replace Host ServerName.Domain.com
  } 
}

 

Thanks for the clarifications @Amine_Kadimi

Let me try this and report back. 

I want to make sure I communicate the issue properly. The redirect covers the URL change in the request.The hostheader replace needs to happen on the response from the server back to the client keeping the existing uri from the redirect. 

Thanks again. 

There is no host header in the responses since it is a request header in http. So as long as you connect to the right ip and port of the backend server, and you have the correct host header in the request from F5 (since you handled that with the replace header command), you should get the answer from the server. This answer will then be sent to to the client from F5, and this should be transparent for the client unless you have some redirection happening in the server itself thats is redirecting to the real server name because F5 by default is forwarding these kind of redirections to the client. This can be checked on the client using F12 developer tools. If that is the case, there is solution for that (redirect rewrite) 

Bingo! @Amine_Kadimi. There is some redirects happening on the server after the redirect of the request to the URL which includes port https://ServerName:8443/long uri.(port must be specified since not default protocol port) I have tried the redirect rewrite but i am a newbie to these features. 

You are appreciated. 

@Mr__T Do you have the output of the redirect coming from the server so we can see what needs to be adjusted?

Hi @Amine_Kadimi,

This is what I have from your suggestion.  The replace host does not seem to execute. redirection does happen. 

when HTTP_REQUEST {
if { [HTTP::uri] equals "/"}
{
HTTP::redirect "https://Servername:8443/etc/bc/ui5_ui5/ui2/ushell/shells/abap/page.html"
}
else {
HTTP::header replace Host FQDN
}
}