Forum Discussion

Brian_Burns's avatar
Brian_Burns
Icon for Nimbostratus rankNimbostratus
Sep 03, 2020

Local Traffic Policy to Redirect Based on Hostname

Hello Community,

I hope someone can point me in the right direction.

We are in the process of migrating our web applications to a new portal system. I need to redirect the client to the new URL, but I don't want the client to see the redirection. I think this is similar to the ProxyPass iRule, but I would like to do this through traffic policies instead of an iRule.

Here is an example of the application I am trying to redirect.

https://application-a.domain.com/ -> https://portal.internal.domain.local/application-a

I have a traffic policy to rewrite the hostname and URI path that seems to be working correctly, but the server returns a 302 redirection to https://portal.internal.domain.local/application-a. I've been banging my head against a wall trying to figure out how to replace https://portal.internal.domain.local/application-a with https://application-a.domain.com/. I've tried adding a rule to replace portal.internal.domain.local with application-a.domain.com in the HTTP header Location path, but that does not seem to do anything.

Here is the full policy...

 

ltm policy /Common/Test_Policy {
    requires { http }
    rules {
        Test_Rule1 {
            actions {
                0 {
                    http-host
                    replace
                    value portal.internal.domain.local
                }
                1 {
                    http-uri
                    replace
                    path "tcl:[string map { / /application-a/ } [HTTP::uri]]"
                }
                2 {
                    http-header
                    response
                    replace
                    name Location
                    value "[string map {portal.internal.domain.local application-a.domain.com} [HTTP::header Location]]"
                }
            }
            conditions {
                0 {
                    http-host
                    host
                    values { application-a.domain.com }
                }
            }
        }
    }
    strategy /Common/first-match
}

 

And here is the client side redirect from Wireshark.

 

HTTP/1.1 302 Found
Date: Thu, 03 Sep 2020 13:50:48 GMT
Server: Apache/2.4.38 (Debian)
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
X-Powered-By: PHP/7.3.18
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-cGxGUVVWczZMM3E2S0pScEh0V0dmeDd4cHVVU2QrbjhZUjREaXAvWTlMWT06alFBWkN6RVBXQVA0WXRVZFNKdjBWRk9UbHRVblQ2YVpOMnhBd3ZYeng1az0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Location: https://portal.internal.domain.local/application-a/index.php/login
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

 

Thanks for any assistance.

Brian Burns

No RepliesBe the first to reply