Hi, We have an internal site that serves up simple avatar images
this site is internal and no access from the DMZ (although we do have certain ports like 442 open from some machines to this site)
Naturally clients on the internet would not be able to get to https://services2.companyname.com/avatars/filename.jpg
However they can get to https://services.companyname.com/avatars/filename.jpg
We have 2 F5s (one in the DMZ serving external sites and one internal serving internal sites)
I would like to do a reverse proxy so that customers that would hit https://services.companyname.com/avatars/filename.jpg would actually get content from https://services2.companyname.com/avatars/filename.jpg
I have setup a rewrite profile in the external F5 that services the url (services.companyname.com/avatars) to rewrite to (services2.companyname.com/avatars)
This seems to work when I am VPNd to my company where I would have access to services2.companyname.com. But when I am not vpnd in, it does not work. It rewrites to services2.companyname.com but throws the same error like it would trying to hit that url outside.
what am I missing here that would allow the content to be served?
Is this not working because my F5 in the DMZ does have access to the internal site services2.companyname.com on the port 443?
I would think of this in multiple steps:
1. Ensure that your external F5 can reach the internal sites, or at least that it can reach the internal F5 where that content can be fetched from in a specific virtual server.
2. If the client makes a request for "/avatars/filename.jpg", divert the request to an alternative pool. This can be done with an iRule. This "avatar pool" would contain either the internal servers or a VS in your internal F5.
3. In the same iRule you'll probably have to rewrite the host and uri parts, and that must be done transparently to the client - meaning: no redirects involved in the operation.