cancel
Showing results for 
Search instead for 
Did you mean: 

Migrating from IIS - URL rewrite issue

strich55
Nimbostratus
Nimbostratus

Hi,

 

I have a URL rewrite rule in IIS that I need to migrate to F5. That rewrite rule is used by software developper, so I don't know what they are going to include in the HTTP request.

The way it works is that the client initiate a connection to https://www.abc.com/URL=www.def.com/ghi

In this example, the client ask for https://www.abc.com and F5 needs to initiate a connection to www.def.com and send the answer back to the client.

I can't use HTTP::redirect or HTTP::respond as I don't want the client to change URL.

 

I have tried playing with an iRule, but I am not able to achieve my goal. In my example, I am able to manipulate the HTTP::request :

 

when HTTP_REQUEST

{

set newaddress [getfield [substr [HTTP::uri] 5 end] "/" 1] #Extract the new url address

HTTP::uri [string map [list $newaddress "" "/URL=" ""] [HTTP::uri]] #Extract the new URI and assign it to HTTP::uri

HTTP::host $newaddress #Assign the new url address

}

 

From there, I don't know how to trigger Big-IP to initiate the connection to www.def.com/ghi or if I should use rewrite profile

I am running version 13.1.3.3 of Big-IP.

 

Thank you

5 REPLIES 5

Hello.

 

"www.def.com" should be configured as a pool member resource.

 

You can use a rewrite profile or just modify the irule to replace these specific headers:

 

GET /URL=www.def.com/ghi HTTP/1.1

Host: www.abc.com

 

To get this:

 

GET /ghi HTTP/1.1

Host: www.def.com

 

If "www.def.com" page has references to relative path resources (let say href="/images/myimage.png") you should take this into account replacing the payload during the HTTP_RESPONSE.

 

Besides of URI and host header, there exist other headers that could need to put an eye of them.

  • Cookies
  • Content-Security-Policies
  • Etc

 

The best option is to connect the backend resource directly (with browser inspector) and try to investigate how your site is in order to plan your scope.

 

Regards,

Dario.

Regards,
Dario.

strich55
Nimbostratus
Nimbostratus

Hi Dario,

 

Thank you for you answer.

Unfortunatly, I can't use a pool. That www.def.com/ghi was an example. I should be able to process anything, as a wildcard, that comes after URL= . Our software developers need to be able to put in any address they need after URL= without having to notify the F5 admin.

 

Thank you

 

Stephane

Hello Strich.

 

Using a pool is relatively easy. With this iRule I'll have everything working properly

when HTTP_REQUEST { set url "https://[getfield [HTTP::uri] "URL=" 2]" set host [URI::host $url] set path [URI::path $url] set basename [URI::basename $url] HTTP::uri $path$basename HTTP::host $host }

If I test it with curl I've got this:

# CUSTOMER REQUEST TO BIG-IP GET /URL=www.wyz.com/app HTTP/1.1 User-Agent: curl/7.19.7 Accept: */* Host: www.abc.com   # BIG-IP REQUEST TO BACKEND GET /app HTTP/1.1 User-Agent: curl/7.19.7 Accept: */* Host: www.wyz.com

If you don't want to specify a pool in order to use it for a generic purpose then you need to include more logic in that iRule. One possible way to get your goal is to construct a sideband connection.

REF - https://clouddocs.f5.com/api/irules/HTTP-Super-SIDEBAND-Requestor-Client-Handles-Redirects-Cookies-C...

 

Try it, but from my perspective, it's better to configure an Access Portal using APM instead of configure that with an iRule. The URL structure is going to be slightly different, but it will be easier to configure it.

 

This is the URL structure using an Access Portal:

www.abc.com/f5-w-<HEX_equivalent_of_backend_FQDN>$$/uri

 

If this was helpful, please don't forget to mark my answer as "the best" to help me for the contribution.

 

Regards,

Dario.

Regards,
Dario.

strich55
Nimbostratus
Nimbostratus

Hi Dario,

 

Sorry to be base level, but when using that syntax :

  1. when HTTP_REQUEST {
  2. set url "https://[getfield [HTTP::uri] "URL=" 2]"
  3. set host [URI::host $url]
  4. set path [URI::path $url]
  5. set basename [URI::basename $url]
  6. HTTP::uri $path$basename
  7. HTTP::host $host
  8. }

 

Which pool is triggered? A pool that I need to define as www.xyz.com ?

 

Thank you

 

Stephane

Hello.

 

In my case, the pool was configured directly into the VS, but it's also possible to do it in the iRule.

REF - https://clouddocs.f5.com/api/irules/pool.html

 

There you have examples of how to select pools base on URI.

 

Regards,

Dario.

Regards,
Dario.