Forum Discussion

nickLa248's avatar
nickLa248
Icon for Nimbostratus rankNimbostratus
Jun 06, 2023
Solved

Provide Content of different Webapps with one Virtual Server

I am pretty new to the F5 world and have been asked to setup a F5 BIG-IP serve as a reverse Proxy for a number of my companies web applications.

The problem is that i should only use one ip, meaning i only have one virtual server which is supposed to serve all webapps behind it.

I tried making it work with a basic irule which just redirects to the specified pool if the uri matches the if condition e.g.: https://<virtual-ip>/edge should use pool EdgePool. The issue is that this only works once as the uri then gets changed to /login resulting in the connection beeing reset. 

 

Is there any way to make this work while only using one virtual server?

application delivery
  • Paulius's avatar
    Paulius
    Jun 07, 2023

    nickLa248 I believe Mohamed_Ahmed_Kansoh is coming to the same result and your web app would need to add the additional path to the web app URI. As an example, when user goes to "/edge" they receive the edge web app but they still need to go to "/login" to log into the web app so the path if they did not login should be "/edge/login" rather than "/login" otherwise the F5 has no way of knowing that the "/login" request is for "/edge" web app. Now it is possible to have a default pool that handles authentication for each web app and hooks back to the appropriate web app using some sort of reference in a database that every web app communicates with but this seems like it would be fairly complicated. Your best option would the following assuming your web app is capable of doing it.

    1. Have a unique hostname for each web app such as "edge.example.com" and then the URI path doesn't really matter at that point.
    2. Have each web app function off of URI path such as "/edge/" and then each subsequent path would be added onto the URI such as "/edge/login" which would mean each web app has those paths available.

    Beyond this it seems that it would not be feasible to have multiple web apps on one virtual server because you cannot differentiate between the web apps.

6 Replies

Sort By
  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Jun 06, 2023

    Hi nickLa248 , 
    You are using irule to forward traffic to specific pool based on the URI , For example /edge worked well and traffic forwarded to Edge_pool , but you are asking if the uri appeared /login traffic is RST. 
    >>>> 
    > First : did you assign a default pool under ( Resource TAB ) for that Virtual server ? 
    > Second : if you have multiple different web applications you should put conditions based on host names not URIs , as you can publish different web applications by one virtual server but you need to do that by irule/LTM policy to forward traffic based on host names. 
    > Third if you need to forward traffic based on URIs as you mentioned , you have to add all URIs in conditions and actions , I mean in your case  /edge worked with you because it matches a conditions and the following action was triggered by forwarding traffic to Edge pool, if you have other URIs you have to create other conditions. 

    Let me know what do you try to acieve , if my answer not clear ? 

    • nickLa248's avatar
      nickLa248
      Icon for Nimbostratus rankNimbostratus
      Jun 07, 2023

      The connection is reset as the iRule is no longer triggered as /edge does lead to a connection to the webapp, showing its login page but  the url of the login page is virtualServer/login resulting in the iRule condition no longer beeing executed which then results in no pool beeing selected. 

      <First: i did not assign a default pool as i dont have a service which should be shown by default

      >Second: how would i use the host names to id the services? my best idea would have been some way to have some uri part like /edge to id the service requested and then have the uris of the webapp add to it, like /edge/login or /edge/home etc.

      <Third: i thought of this but this require a lot of code depending on how many webapps should be served + a lot of maintenance also the biggest problem about this is what would i do if an uri is used by multiple services, for example /login

      • Mohamed_Ahmed_Kansoh's avatar
        Mohamed_Ahmed_Kansoh
        Icon for MVP rankMVP
        Jun 07, 2023

        Hi nickLa248 , 
        I 've read the reply to Paulius , 

        Try This : 

         

        #Befor Pool Edgepool add this command : HTTP::uri "/edge/login"

so it will become like that : 
if {$uri contains "/edge"}{
   HTTP::uri "/edge/login"
   pool Edgepool 
}

         

        I think you have resource locator in your web site like login.html or login.php 
        so if you know it add this part in the irule , iwill be like this : 
        HTTP::uri "/edge/login.php" or HTTP::uri "/edge/login.html" and .....etc 

  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    Jun 06, 2023

    nickLa248 If you are able to provide a few examples of different applications and how you differentiate between them using the Host field in conjunction with a URI path or even just a URI path we should be able to come up with something that will work for you.

    • nickLa248's avatar
      nickLa248
      Icon for Nimbostratus rankNimbostratus
      Jun 07, 2023

      Maybe for better understanding, i need the virtual server to work as a reverse proxy for multiple apps.

      Currently i am testing with two applications my plan was to differentiate between them by an uri entered in addition to virtual server ip as ive shown with the /edge example. The following iRule then executes the correct if condition and uses the pool of the requested application.

      The issue with this is, as you can see, that only if the uri has /edge it would use edgepool. but after /edge is called i get greeted with the login to the webapp which changes the uri to /login resulting in no pool beeing selected and connection timing out.

      so the question would be if there is a way to "keep" the /edge part and add login to it like /edge/login or if there is some other way to identify which pool is supposed to  be used for a request

       

      • Paulius's avatar
        Paulius
        Icon for MVP rankMVP
        Jun 07, 2023

        nickLa248 I believe Mohamed_Ahmed_Kansoh is coming to the same result and your web app would need to add the additional path to the web app URI. As an example, when user goes to "/edge" they receive the edge web app but they still need to go to "/login" to log into the web app so the path if they did not login should be "/edge/login" rather than "/login" otherwise the F5 has no way of knowing that the "/login" request is for "/edge" web app. Now it is possible to have a default pool that handles authentication for each web app and hooks back to the appropriate web app using some sort of reference in a database that every web app communicates with but this seems like it would be fairly complicated. Your best option would the following assuming your web app is capable of doing it.

        1. Have a unique hostname for each web app such as "edge.example.com" and then the URI path doesn't really matter at that point.
        2. Have each web app function off of URI path such as "/edge/" and then each subsequent path would be added onto the URI such as "/edge/login" which would mean each web app has those paths available.

        Beyond this it seems that it would not be feasible to have multiple web apps on one virtual server because you cannot differentiate between the web apps.