cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Reverse Proxy using Cookie in iRule or Policy

MohanK
Altostratus
Altostratus

Hello,

 

We need to add below irules/policy for google cloud reverse proxy:

 

1. The application will drop a cookie on the first request of https://abc.site.com

2. The LTM needs to detect this cookie when it intercepts the request. based on the cookie the request needs to be reverse proxy to a google cloud URL without changing the actual application URL.

 

Example:

Cookie name: Experience.

 

1. If the cookie exist:

 

abc.site.com -> def.site.com/home

 

Note: the URL in the browser should still be https://abc.site.com

 

2. If the cookie doesn't exist

 

https://abc.site.com no changes

1 ACCEPTED SOLUTION

SanjayP
MVP
MVP

Create a pool for Google Cloud destination. Modify iRule with pool name accordingly.

 

when HTTP_REQUEST { if { ( [HTTP::cookie exists Experience] ) } { HTTP::header replace "Host" "def.site.com" HTTP::uri /home pool def.site.com_pool } else { return } }

 

View solution in original post

9 REPLIES 9

SanjayP
MVP
MVP

Create a pool for Google Cloud destination. Modify iRule with pool name accordingly.

 

when HTTP_REQUEST { if { ( [HTTP::cookie exists Experience] ) } { HTTP::header replace "Host" "def.site.com" HTTP::uri /home pool def.site.com_pool } else { return } }

 

Awesome! Thank you Sanjay. I'll Test and get back to you 🙂

Sanjay,

 

At this moment I'm selecting, this as a best answer.

I also have one more query - Pool member is going to be an external VIP Address, does it respond to health monitor just like all other server node ?

This rule worked, as exactly what we expected, I have added few other parameters for the special requirement. Thank you so much again, Sanjay 🙂

MohanK
Altostratus
Altostratus

Sanjay, actually https://def.site.com/home is external url, so we don’t have any pool internally. Can I just remove only the pool part from the above iRule to forward to an external url ? Or is there any other condition to add ?

To forward to that destination without modifying a original URL, you need to add the pool or node.

I understand, you might not have a pool currently, but you would need to create a pool with the site IP address and enable routing (if needed) and open FW.

Alternatively, you can just send a redirect to a client to that external URL, but it would change the URL and your requirement is to keep the original URL intact in the browser if I understand it correctly.​

MohanK
Altostratus
Altostratus

Yes, your understanding is correct!

 

I believe first option is more complex. I would try to insist for the second option.

 

Thank you so much for the quick reply, I’ll check with the team, how they would like to implement.

 

Do you have any issues with iRule for option#1? Once you open the connectivity from F5 to external site on port 443, it should work. If you got any specific issues let us know.

In case you want to go ahead with option#2 of issuing a redirect to client. Below would be the iRule.

 

when HTTP_REQUEST { if { ( [HTTP::cookie exists Experience] ) } { HTTP::respond 301 Location "https://def.site.com/home" } else { return } }

MohanK
Altostratus
Altostratus

The First iRule you provided pretty match with our requirement except the pool pointing, which I believe difficult to solve by enabling routing, I’ll try to look at the routing part and firewall and see if that possible to fix, which I meant more complex not your iRule 😊 and thank you for the redirect iRule as well.

 

Yes, I’ll definitely let you know the outcome, most probably we will try this coming week or next.