Hi,I have an internal server with two "applicatins" and I need to give access to one of the application from Internet,The fqdn "globalserver.mydomain.com" point to my F5 vip, and I need that every time client try to go to globalserver.mydomain.com the F5 will send the client to "internalserver.com/portsluser/main#page/"I can accomplish this with redirect policy but then the client will see in his browser the redirection url which is nternalserver.com/portsluser/main#page/RegardsRafi

Hi Rafi1 , > may I understood in first part , if you want your to get internet access for your nodes you need to configure Forwarding virtual server on F5 to take the initiated traffic from your nodes to your internet path. follow this article , to configure Forwarding virtual server : https://support.f5.com/csp/article/K7595> For FQDN hostname redirection , I think your clients can see the redirection on their browsers if you use " Redirect Action in LTM policy or HTTP::redirect by iRules ". As an adminstrator on F5 , if you want to be the only person who see this change of FQDNs , you need to " replace old FQDN to new FQDN " by using HTTP::header not performing a redirection on FQDN hostnames level. By replacing the http header , you will find the new host name added in the entire http packet , but the Client will still see the old FQDN hostname in their browser. Follow this iRule to change hostname header on http packets : when HTTP_REQUEST { if { ([string tolower [HTTP::host]] equals "globalserver.mydomain.com") }{ HTTP::header replace Host "internalserver.com" } }Tell me first if this meets your needs or not , if not clarify your request exactly , if yes " for changing host header instead of redirection " we can add more conditions for the rest of uri paths that you want to add. I will wait your Feedback Thanks

Hi,Thank you for your replay,I think it will better to describe what i'm trying to achieve1. I configured virtual server, (Type standart) every client that want to get to the internal service need to go to "globalserver.mydomain.com" whice by dns A record point this traffic to the virtual server I creatd'Then I want that F5 will take this request and point it to "internalserver.com/portsluser/main#page/"And the client in his browser still see his original request which is "globalserver.mydomain.com" Regards

Hi Rafi1 , I have simulated this scenario on my lab , try this irule : when HTTP_REQUEST { if { ([string tolower [HTTP::host]] equals "globalserver.mydomain.com") }{ HTTP::header replace Host "internalserver.com" HTTP::path "/portsluser/main#page/" } } Find the below snap shots from my LAB : irule : My results : Do you see , as a client I wrote " shopping.asm.f5" , and the request shown in F5 ASM event logs with a changed header and added new path which did not appear to client neither new hostname nor added path. Try it and give me your feedback. Regards.

Hi Mohamed_Ahmed_Kansoh Thank you very for yourתunfortunately the Irule didnt work for me,I must mention another thing (forgot sorry) the originagl url that the client browse to as i mention is "globalserver.mydomain.com" I need that the LTM will change it to "internalserver.xxx.mydomain.com/portsluser/main#page/" its sub domain for "mydomain.com" in the virtual server certificate in "ssl profile client" the certificate is *.mydomain.com do I need also *.xxx.mydomain.com ? I configured regular virtual server with: type=standard, service port=443, pool=internalserver.xxx.mydomain.com, without your Irule the LTM forword me to the server "internalserver.xxx.mydomain.com" I hoped that with your Irule he will forword me to "internalserver.xxx.mydomain.com/portsluser/main#page/", but unfortunately with the Irule I got blank page (no service)I also noticed that in your lab you are using security profile (ASM), basically I dont need ASM all I need is forward the client request to another web service. Any idea ?Regards

Hello Rafi, if I'm not mistaken you're having the same issue as this post here. - globalserver.mydomain.com should resolve to your VS IP - if SSL is in place, you need a clientSSL profile with a certificate that matches "globalserver" SNI (or wildcard for *.mydomain.com) - you need HTTP profile on the vitual server to parse request elements - if backend server speaks SSL, you also need a serverSSL profileiRule should be pretty simple, this code will rewrite client request before sending it to server -- meaning it will be transparent to client. when HTTP_REQUEST { if {[string tolower [HTTP::host]] eq "globalserver.mydomain.com" }{ HTTP::header replace Host "internalserver.com" HTTP::uri "/portsluser/main#page/" } }My only concern would be that you have hash "#" character in URI, which is a reserved character that is usually only interpreted by client browser (usually not passed to server) to identify a fragment.

Need to rewrite with LTM

11 Replies

Mohamed_Ahmed_Kansoh
MVP
Nov 13, 2022
Hi Rafi1 ,
> may I understood in first part , if you want your to get internet access for your nodes you need to configure Forwarding virtual server on F5 to take the initiated traffic from your nodes to your internet path.
follow this article , to configure Forwarding virtual server :
https://support.f5.com/csp/article/K7595

> For FQDN hostname redirection , I think your clients can see the redirection on their browsers if you use " Redirect Action in LTM policy or HTTP::redirect by iRules ".
As an adminstrator on F5 , if you want to be the only person who see this change of FQDNs , you need to " replace old FQDN to new FQDN " by using HTTP::header not performing a redirection on FQDN hostnames level.
By replacing the http header , you will find the new host name added in the entire http packet , but the Client will still see the old FQDN hostname in their browser.
Follow this iRule to change hostname header on http packets :
when HTTP_REQUEST { if { ([string tolower [HTTP::host]] equals "globalserver.mydomain.com") }{ HTTP::header replace Host "internalserver.com" } }
Tell me first if this meets your needs or not , if not clarify your request exactly , if yes " for changing host header instead of redirection " we can add more conditions for the rest of uri paths that you want to add.

I will wait your Feedback

Thanks
- Rafi1
  Cirrus
  Nov 13, 2022
  Hi,
  Thank you for your replay,
  I think it will better to describe what i'm trying to achieve
  1. I configured virtual server, (Type standart)
  every client that want to get to the internal service need to go to "globalserver.mydomain.com" whice by dns A record point this traffic to the virtual server I creatd'
  Then I want that F5 will take this request and point it to "internalserver.com/portsluser/main#page/"
  And the client in his browser still see his original request which is "globalserver.mydomain.com"
  
  Regards
  - Mohamed_Ahmed_Kansoh
    MVP
    Nov 13, 2022
    Hi Rafi1 ,
    I have simulated this scenario on my lab , try this irule :
    when HTTP_REQUEST { if { ([string tolower [HTTP::host]] equals "globalserver.mydomain.com") }{ HTTP::header replace Host "internalserver.com" HTTP::path "/portsluser/main#page/" } }
    
    Find the below snap shots from my LAB :
    irule :
    My results :
    Do you see , as a client I wrote " shopping.asm.f5" , and the request shown in F5 ASM event logs with a changed header and added new path which did not appear to client neither new hostname nor added path.
    Try it and give me your feedback.
    
    Regards.
CA_Valli
MVP
Nov 14, 2022
Hello Rafi, if I'm not mistaken you're having the same issue as this post here.
- globalserver.mydomain.com should resolve to your VS IP
- if SSL is in place, you need a clientSSL profile with a certificate that matches "globalserver" SNI (or wildcard for *.mydomain.com)
- you need HTTP profile on the vitual server to parse request elements
- if backend server speaks SSL, you also need a serverSSL profile
iRule should be pretty simple, this code will rewrite client request before sending it to server -- meaning it will be transparent to client.
when HTTP_REQUEST { if {[string tolower [HTTP::host]] eq "globalserver.mydomain.com" }{ HTTP::header replace Host "internalserver.com" HTTP::uri "/portsluser/main#page/" } }
My only concern would be that you have hash "#" character in URI, which is a reserved character that is usually only interpreted by client browser (usually not passed to server) to identify a fragment.
- Rafi1
  Cirrus
  Nov 14, 2022
  Hi,
  All the previous conditions are defined, but still with the Irule I see blank page
  I actually able to make progress with rewrite profile, I wrote rewrite profile and it works as accepted, when I'm browse to "internalserver.com" the profile rewrite it to "internalserver.com/portsluser/" and the client still see in his browser "internalserver.com", but now the problem is when I'm trying to login I'm getting error 500 from the web site
  Any idea ?
  Regards
  - CA_Valli
    MVP
    Nov 14, 2022
    Hello Rafi,
    can you define blank page better?
    If server responds to "GET /portsluser/ Host: internalserver.com" request with a 200-content that returns a blank page, problem is on the server.
    If you have a timeout issue, there might be a problem on the network instead - maybe you might need to fix NAT or routing.
    If you run curl -vk -H "internalserver.com" https://<internalserver.com node IP>/portsluser/ from F5 command line, what's the output?
    If you run curl -vk -H "globalserver.mydomain.com" https://<virtual server IP>/ from F5 command line, what's the output?

Forum Discussion

Need to rewrite with LTM

11 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

URL rewrite

Rewriting iRules...LIVE!

Rewriting Redirects

Rewrite Subdomain

Rewrite profile statistics in ltm