18-Feb-2022 08:05
Hi, I am trying to set up a rule that will allow external users hitting an external-facing URL that resolves to a VIP on our DMZ LTMs and redirects them to an internal non-public-facing URL on our internal pair of LTMs based on the URI. Is this possible?
21-Feb-2022 03:10 - edited 21-Feb-2022 03:19
Hello, it is possible either with an iRule or with an LTM policy.
iRules usually allow for more flexibility since they aren't limited to specific pre-coded instruction sets, while an LTM policy performs much better (for the same instructions, an iRule is usually 20% slower).
I would not set up an HTTP::redirect to hosts that can't be accessed by the public, but you can load balance the requests by setting the internal LTM Virtual Server IP:port socket as a pool member. If you need to modify the packet beforehand (e.g. rewriting the URL or Host), there are tools that allow it in both iRule and LTM policy.
I can try to provide sample code:
when HTTP_REQUEST {
    # I'd recommend switch if you have few exact matches for your URI, e.g. on HOST header
    # I'd also recommend switch if you need to perform different actions on every match
    switch -glob [string tolower [HTTP::host]] {
        test1.domain.com { pool <pool_name> }
        test2.domain.com { pool <pool_name> }
        test3.domain.com {
            pool <pool_name>
            # sample rewrite (not a redirect)
            HTTP::header replace Host "newhost.domain.com"
        }
    }
    # Alternatively, I'd recommend a data group if you need to perform a single or few actions on a long list of possible matches
    # read as: does the URI contain an element of datagroup_path_rewrite (case sensitive)
    if {[class match [HTTP::uri] contains datagroup_path_rewrite]} {
        # this rewrites the URI path before sending traffic to the BE server
        HTTP::path /newpath/portal.js
    }
}
To work with a Data Group, you must first configure one in Local Traffic > iRules > Data Groups; example below:
ltm data-group internal /Common/datagroup_path_rewrite {
    records {
        /oldsubfolder1/ { }
        /oldsubfolder2/ { }
        /oldsubfolder3/ { }
        /oldsubfolder4/ { }
        /oldsubfolder5/ { }
    }
    type string
}
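An added example, not part of the reply above: one way to write the DMZ-side iRule so that only published path prefixes are proxied to the internal LTM and everything else is answered at the DMZ tier. The data group `dg_internal_allowed_paths`, the pool `pool_internal_ltm_vs` and the host `internal-app.example.local` are hypothetical names chosen for illustration.

```tcl
# Added example (not from the thread). Hypothetical names:
#   dg_internal_allowed_paths  - string data group of published path prefixes,
#                                stored in lower case (e.g. /portal/)
#   pool_internal_ltm_vs       - pool whose only member is the internal LTM VIP:port
#   internal-app.example.local - Host header the internal virtual server expects
when HTTP_REQUEST {
    # Match on the path only. HTTP::uri also carries the query string, so a
    # "contains" test on it is satisfied by a request such as
    # /anything?x=/oldsubfolder1/ as well as by the intended paths.
    set path [string tolower [HTTP::path]]

    if { [class match $path starts_with dg_internal_allowed_paths] } {
        # Proxy to the internal tier (no redirect): the client keeps talking to
        # the public name and never learns the internal one.
        HTTP::header replace Host "internal-app.example.local"
        pool pool_internal_ltm_vs
    } else {
        # Default deny: anything not explicitly published stops at the DMZ LTM.
        log local0.notice "Unpublished path from [IP::client_addr]: [HTTP::path]"
        HTTP::respond 404 content "Not Found"
    }
}
```

Because the path is lower-cased before the lookup, the data group records must be entered in lower case for the `starts_with` match to succeed.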