Reverse Proxy using Cookie in iRule or Policy

MohanK · ‎21-Apr-2021

Hello,

We need to add below irules/policy for google cloud reverse proxy:

1. The application will drop a cookie on the first request of https://abc.site.com

2. The LTM needs to detect this cookie when it intercepts the request. based on the cookie the request needs to be reverse proxy to a google cloud URL without changing the actual application URL.

Example:

Cookie name: Experience.

1. If the cookie exist:

abc.site.com -> def.site.com/home

Note: the URL in the browser should still be https://abc.site.com

2. If the cookie doesn't exist

https://abc.site.com no changes

SanjayP · ‎21-Apr-2021

Create a pool for Google Cloud destination. Modify iRule with pool name accordingly.

when HTTP_REQUEST {    
    if { ( [HTTP::cookie exists Experience] ) } {
     HTTP::header replace "Host" "def.site.com"	
     HTTP::uri /home
     pool def.site.com_pool	 
    }  else {
	 return
	}      
}

View solution in original post

SanjayP · ‎21-Apr-2021

Create a pool for Google Cloud destination. Modify iRule with pool name accordingly.

when HTTP_REQUEST {    
    if { ( [HTTP::cookie exists Experience] ) } {
     HTTP::header replace "Host" "def.site.com"	
     HTTP::uri /home
     pool def.site.com_pool	 
    }  else {
	 return
	}      
}

MohanK · ‎21-Apr-2021

Awesome! Thank you Sanjay. I'll Test and get back to you 🙂

MohanK · ‎13-May-2021

Sanjay,

At this moment I'm selecting, this as a best answer.

I also have one more query - Pool member is going to be an external VIP Address, does it respond to health monitor just like all other server node ?

MohanK · ‎11-Jun-2021

This rule worked, as exactly what we expected, I have added few other parameters for the special requirement. Thank you so much again, Sanjay 🙂

MohanK · ‎26-Apr-2021

Sanjay, actually https://def.site.com/home is external url, so we don’t have any pool internally. Can I just remove only the pool part from the above iRule to forward to an external url ? Or is there any other condition to add ?

SanjayP · ‎26-Apr-2021

To forward to that destination without modifying a original URL, you need to add the pool or node.

I understand, you might not have a pool currently, but you would need to create a pool with the site IP address and enable routing (if needed) and open FW.

Alternatively, you can just send a redirect to a client to that external URL, but it would change the URL and your requirement is to keep the original URL intact in the browser if I understand it correctly.

MohanK · ‎26-Apr-2021

Yes, your understanding is correct!

I believe first option is more complex. I would try to insist for the second option.

Thank you so much for the quick reply, I’ll check with the team, how they would like to implement.

SanjayP · ‎26-Apr-2021

Do you have any issues with iRule for option#1? Once you open the connectivity from F5 to external site on port 443, it should work. If you got any specific issues let us know.

In case you want to go ahead with option#2 of issuing a redirect to client. Below would be the iRule.

when HTTP_REQUEST {    
    if { ( [HTTP::cookie exists Experience] ) } {
     HTTP::respond 301 Location "https://def.site.com/home"
    }  else {
	 return
	}      
}

MohanK · ‎26-Apr-2021

The First iRule you provided pretty match with our requirement except the pool pointing, which I believe difficult to solve by enabling routing, I’ll try to look at the routing part and firewall and see if that possible to fix, which I meant more complex not your iRule 😊 and thank you for the redirect iRule as well.

Yes, I’ll definitely let you know the outcome, most probably we will try this coming week or next.

DevCentral

Reverse Proxy using Cookie in iRule or Policy

Khoros Kudos Award 2022