cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Reverse Proxy with URL Rewrite and Application Request Routing

flyons
Nimbostratus
Nimbostratus

Hello. I'm new to BigIP and could use some help. Using my BigIP, I'm trying to implement the equivalent of IIS Reverse Proxy with URL Rewrite and Application Request Routing. I'm generally trying to implement the same functions described in this Microsoft technical article - An Internet-accessible Web server is used as a reverse-proxy server that receives Web requests and then forwards them to several intranet applications for processing.

 

Can anyone advise if there are any technical articles I can follow to complete this? Or perhaps the steps and iRules to utilize for this? Any help would be greatly appreciated!

 

 

6 REPLIES 6

xRes
Cirrus
Cirrus

I think you should start with this: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-12-1-0/17.html

Excellent, yes. I think this is exactly what I'm looking for to get me started. I'll post if I struggle with any specific configuration. Thanks!

flyons
Nimbostratus
Nimbostratus

 I have implemented the rewrite and forwarding based on the document you provided. It is definitely working but I'm having a specific issue where after I log into the backend application, the page does not fully render. Some of the page loads fine but various charts and tool bars fail to load. It appears that not everything is being rewritten?

 

Desperately seeking some advice on what could be missing.

Use DevTools in your browser to see what's going on client side. If not - then probably "tcpdump -vnni 0.0:nnnp -s0 -w /tmp/test.pcap" will give you the answer when analyzed in Wireshark 🙂

 I've been working with F5 support who has analyzed the tcpdump, but they are struggling to see what the issue is. In DevTools I can see lots of failures, and in those failures I can see the URI path is not correct (or not rewritten properly); however, the support engineer feels that DevTools is useless for this situation.

 

I have to think that this is a common issue and that perhaps something is missing from the configuration either on the virtual server or rewrite profile. Can you think of any configuration that I might be missing? Maybe Set-Cookie Rules in the Rewrite profile? Does something need to be configured to handle the backend app authentication? My Rewrite profile is pretty simple right now. Basically just the URI Translation rule with the paths, no other configurations in the profile.

 

I removed the forwarding profile and instead just pointed the virtual server directly to the pool for the backed app. This removes the forwarding policy from the equation. With this configuration it has a slightly different behavior which my expose the issue a bit more. After going through the virtual server using the rewrite, I get to the backend application login page like before. After I log in, the page begins to render like it did before. However, this time a second login window pops up and the page rendering pauses as if it needs my login to continue. It appears that the authentication from my first sign isn't recognized. It appears some extra configuration may need to be added to handle the first authentication?