Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Local Traffic Policy to Redirect Based on Hostname

Brian_Burns
Nimbostratus
Nimbostratus

Hello Community,

I hope someone can point me in the right direction.

 

We are in the process of migrating our web applications to a new portal system. I need to redirect the client to the new URL, but I don't want the client to see the redirection. I think this is similar to the ProxyPass iRule, but I would like to do this through traffic policies instead of an iRule.

 

Here is an example of the application I am trying to redirect.

https://application-a.domain.com/ -> https://portal.internal.domain.local/application-a

 

I have a traffic policy to rewrite the hostname and URI path that seems to be working correctly, but the server returns a 302 redirection to https://portal.internal.domain.local/application-a. I've been banging my head against a wall trying to figure out how to replace https://portal.internal.domain.local/application-a with https://application-a.domain.com/. I've tried adding a rule to replace portal.internal.domain.local with application-a.domain.com in the HTTP header Location path, but that does not seem to do anything.

 

0691T000009iHJ5QAM.png

 

Here is the full policy...

ltm policy /Common/Test_Policy {     requires { http }     rules {         Test_Rule1 {             actions {                 0 {                     http-host                     replace                     value portal.internal.domain.local                 }                 1 {                     http-uri                     replace                     path "tcl:[string map { / /application-a/ } [HTTP::uri]]"                 }                 2 {                     http-header                     response                     replace                     name Location                     value "[string map {portal.internal.domain.local application-a.domain.com} [HTTP::header Location]]"                 }             }             conditions {                 0 {                     http-host                     host                     values { application-a.domain.com }                 }             }         }     }     strategy /Common/first-match }

 

And here is the client side redirect from Wireshark.

HTTP/1.1 302 Found Date: Thu, 03 Sep 2020 13:50:48 GMT Server: Apache/2.4.38 (Debian) Referrer-Policy: no-referrer X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Robots-Tag: none X-XSS-Protection: 1; mode=block X-Powered-By: PHP/7.3.18 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-cGxGUVVWczZMM3E2S0pScEh0V0dmeDd4cHVVU2QrbjhZUjREaXAvWTlMWT06alFBWkN6RVBXQVA0WXRVZFNKdjBWRk9UbHRVblQ2YVpOMnhBd3ZYeng1az0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; Location: https://portal.internal.domain.local/application-a/index.php/login Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

 

Thanks for any assistance.

 

Brian Burns

0 REPLIES 0