SteveD1979
Feb 18, 2022

Redirecting public facing URL to an internal non public facing URL

Hi, I am trying to set up a rule that will allow external users hitting an external facing URL that resolves to a VIP on our DMZ LTMs and redirects them to an internal non public facing URL on our internal pair of LTMs based on the URI. Is this possible?

1 Reply

  • Hello, it is possible either with an iRule or with an LTM policy.

    iRules usually allow for more flexibility since they aren't limited to specific pre-coded instruction sets, while an LTM policy performs much better (for the same instructions, an iRule is usually 20% slower).

    I would not set up an HTTP::redirect to hosts that can't be accessed by the public, but you can load balance the requests by setting the internal LTM Virtual Server IP:port socket as a pool member. If you need to modify the packet beforehand (e.g. rewriting the URL or Host), there are tools that allow it in both iRule and LTM policy.

    I can try to provide sample code:

    when HTTP_REQUEST {
        # I'd recommend switch if you have few exact matches for your URI, e.g. on the Host header
        # I'd also recommend switch if you need to perform different actions on every match
        switch -glob [string tolower [HTTP::host]] {
            test1.domain.com { pool <pool_name> }
            test2.domain.com { pool <pool_name> }
            test3.domain.com {
                pool <pool_name>
                # sample rewrite (not a redirect)
                HTTP::header replace Host "newhost.domain.com"
            }
        }

        # Alternatively, I'd recommend a data group if you need to perform one or a few actions on a long list of possible matches
        # read as: does the URI contain an element of datagroup_path_rewrite (case sensitive)
        if {[class match [HTTP::uri] contains datagroup_path_rewrite]} {
            # this rewrites the URI path before sending traffic to the BE server
            HTTP::path /newpath/portal.js
        }
    }

    To work with a Data Group you must first configure one in Local Traffic > iRules > Data Groups, example below:

    ltm data-group internal /Common/datagroup_path_rewrite {
        records {
            /oldsubfolder1/ { }
            /oldsubfolder2/ { }
            /oldsubfolder3/ { }
            /oldsubfolder4/ { }
            /oldsubfolder5/ { }
        }
        type string
    }
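
The question asks for selection based on the URI, so here is an added example (not part of the reply above) that proxies only published paths to the internal virtual server, refuses everything else at the DMZ, and rewrites redirects coming back so the internal host name is not sent to external clients. The names `pool_internal_vs`, `app.internal.example`, `www.example.com` and the two path prefixes are assumptions for illustration.

```tcl
# Added example, not from the original reply.
# Assumed names: pool_internal_vs (pool whose member is the internal LTM
# virtual server IP:port), www.example.com (public host name),
# app.internal.example (internal, non-public host name).
when HTTP_REQUEST {
    # Lower-case the path once so matching is case-insensitive
    set path [string tolower [HTTP::path]]

    switch -glob -- $path {
        "/portal/*" -
        "/reports/*" {
            # Proxy instead of redirecting: the client keeps talking to the
            # public VIP and never needs to resolve the internal name
            pool pool_internal_vs
            # Assumption: the internal virtual server expects its own Host header
            HTTP::header replace Host "app.internal.example"
        }
        default {
            # Anything not explicitly published stops at the DMZ
            HTTP::respond 404 content "Not Found" "Connection" "close"
        }
    }
}

when HTTP_RESPONSE {
    # Redirects generated by the internal application point at the internal
    # host name, which external clients cannot reach; map it to the public one
    if { [HTTP::is_redirect] && [HTTP::header exists Location] } {
        set loc [HTTP::header value Location]
        HTTP::header replace Location \
            [string map -nocase {"app.internal.example" "www.example.com"} $loc]
    }
}
```

The `default` branch makes the rule an allowlist: a path is reachable from outside only if it is listed in the switch.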