Forum Discussion

dsimonton's avatar
dsimonton
Icon for Nimbostratus rankNimbostratus
Jan 26, 2023

Pardon the n00b question here: Reverse proxy?

Hey Folks,

I and one of my new network engineers have recently inherited some F5 responsibilities. My knowledge of load-balancing is pretty rudimentary. This is going to be one of those things where 90% of F5 engineers/devs who know what they're doing would  respond with "RTFM!!!" and trust me,  I am more than happy (elated even!) to RTFM, but I don't know what I don't know yet and I'm really hoping someone can throw me a bone here. I think my first failure here is one of terminology.

I think what I want to accomplish is a reverse proxy.

The DNS for the VIP we'll say is "www.ourserver.com"
The members in the pool would be:
server1.internaldomain.com
server2.internaldomain.com

The problem is that when someone connects to the VIP, it forwards the request and the URL is written as https://server1.internaldomain.com and we just want the URL to show as https://www.ourserver.com  . We've tried a number of i-rule formulas that we thought would achieve this that haven't worked out. Am I even on the right path here? Is there a specific section of the M for me to RTF someone can point me to?

2 Replies

  • We do this to capture and rewrite http to https in http 3xx replies. You might try something similar. The F5 should normally pass the original Host header when it calls a pool member. The applications should be using this value for redirects and links and not their own hostname.

     

    when HTTP_REQUEST {
     set hostname [HTTP::host]
    }
    when HTTP_RESPONSE {
     if { ([HTTP::status] starts_with "3") and ([HTTP::header Location] contains $hostname) }{
      HTTP::header replace Location [string map {http: https:} [HTTP::header value Location]]
     } 
    }

     

    Side note: example.com, example.org and example.net are available specifically for uses like your example here. Somone owns ourserver.com and may or may not like you linking to it here.

    Here's another Dev Central post that might be more what you're looking for:

    https://community.f5.com/t5/codeshare/proxypass-lite/ta-p/284093

  • Hey dsimonton  - welcome to the world of F5! First, I hope you find everything you need. You've already figured out how to post here and seen that folks like TimRiker are knowledgeable and helpful. 🙂

    I know documentation can be fraught even if you do RTFM, so if you ever can't find an answer, post a question like you did here, and my team and I will be monitoring for potential content gaps we can fill.