Forum Discussion

Rafi1's avatar
Rafi1
Icon for Cirrus rankCirrus
Nov 13, 2022

Need to rewrite with LTM

Hi, I have an internal server with two "applicatins" and I need to give access to one of the application from Internet, The fqdn "globalserver.mydomain.com" point to my F5 vip, and I need that ever...
security
Rafi1's avatar
Rafi1
Icon for Cirrus rankCirrus
Nov 13, 2022

Hi Mohamed_Ahmed_Kansoh 

Thank you very for yourת

unfortunately the Irule didnt work for me,

I must mention another thing (forgot sorry)  the originagl url that the client browse to as i mention  is "globalserver.mydomain.com" I need that the LTM will change it to "internalserver.xxx.mydomain.com/portsluser/main#page/" its sub domain for "mydomain.com" in the virtual server certificate in "ssl profile client" the certificate is *.mydomain.com  do I need also *.xxx.mydomain.com ?

 

I  configured regular virtual server with: type=standard, service port=443,  pool=internalserver.xxx.mydomain.com, without your Irule the LTM forword me to the server "internalserver.xxx.mydomain.com" I hoped that with your Irule he will forword me to "internalserver.xxx.mydomain.com/portsluser/main#page/", but unfortunately with the Irule I got blank page (no service)

I also noticed that in your lab you are using security profile (ASM), basically I dont need ASM all I need is forward the client request to  another web service.

 

Any idea ?

Regards

Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Nov 14, 2022

Hi Rafi1 ,   
  As per CA_Valli’s iRule and mine , both of them should work with you. 
> I want to add there is a problem with your certificate , you have wildcard to "*.mydomain.com" it will not be compatible with "*.xxx.mydomain.com" , or remover " . that before xxx" I mean the hostname should be "internalserver-xxx.mydomain.com" and do not use "dot ." in your hostnames. 
> After that make sure that 
"globalserver.mydomain.com " and " internalserver-xxx.mydomain.com" 
have the same dns resolution or at least configure this

" internalserver-xxx.mydomain.com" to be mapped to " ip of virtual server on F5 " 

> but in your Case there is an issue with certificate , you must use "-" not "." 
and try. 

> I used ASM loging to see the requests contents only as a monitoring , not to do any actions. 

> I will Take a Pcap from my Lab to see the Flow of traffic and changes as well. 

Regards.

  • Rafi1's avatar
    Rafi1
    Icon for Cirrus rankCirrus
    Nov 14, 2022

    Hi Mohamed_Ahmed_Kansoh 

    The " internalserver-xxx.mydomain.com"  the "xxx" is sub domain so I must use "dot."

    What if in the server ssl profile (in the virtual server ) I will attached the the real server certificate *.xxx.mydomain.com ?

    Regards

    • Mohamed_Ahmed_Kansoh's avatar
      Mohamed_Ahmed_Kansoh
      Icon for MVP rankMVP
      Nov 14, 2022

      yes , you need to create a new certificate for " *.xxx.mydomain.com" 
      I stucked in this issue before and resolved it by "-" symbol not "."

      let me take a tcpdumb on my lab environment , it will show to us more about redirections.