The issue resolved when i changed pool members from DEX to NGINX (using the same irule) since rewrite host name locate in NGINX. Thanks a lot for your support.
Hi @Hien_Truong, it looks like you just need to rewrite the host header inbound? If you want this to be fairly dumb, you can do something like:
when HTTP_REQUEST {
if { [HTTP::host] == "abc-cd.ef.com" } {
HTTP::header replace Host "cd.ef.com"
}
}
If it needs to be dynamic, there are multiple options depending on what the patterns would be. I'll assume a pattern of: nnn-cd.ef.com for the following solution:
when HTTP_REQUEST {
# assumes that port 80 is used for http or 443 for https
# if non-std ports, use contains instead of ends_with
if { [HTTP::host] ends_with "-cd.ef.com" } {
HTTP::header replace Host [getfield [HTTP::host] "-" 2]
}
}
If this is not the actual pattern of your hosts that you want to manipulate, post back and we can work on an alternative. untested, make sure to do so in a lab.
i tried both of your irules using my browser but i get 404 return. it mean somehow it doesn't hit irule when applying it to F5 then F5 send the request to pool members and get 404 error. i also tried the below irule but still not working. i see "get" method in console. Please advise. Thanks
if https. you need to set the SNI values in the SSL profiles or via Irule. for testing add a log line so you know if the rules it hit and what things are being set to. also web server logs will show what being passed to it. there is a few irules examples aroubd on how to log all html headers.
"host" is the header you need to changes. the two you listed are just for reference.
we don't need SNI since both domain names are in different VS. i tried all of irule samples but allways get 404 from server. From curl -vks https://abc-cd.ef.com output, i don't see the header changed. to cd.ef.com. i will add log line to debug it. Any more advise why the irule or rewrite profile not working to replace other domain? thanks
F5 has a bug where SNI "server side" is set using the data in the client TCP packet. thus you migh have to set "server name" in server side SSL profiles. If you are tring to send to two different servers with different host names. you might need two SNI server profiles with different "server name" and use a irules to select the correct on.
i some times use curl on the Ff5 itself to see what the server (pool member) will and will not accpet. something like "curl -vk --header "Host: change_fqdn" --resolve old_FQDN:443:pool_member https://old_FQDN/" when this work then you know what to set in the irule.
The issue resolved when i changed pool members from DEX to NGINX (using the same irule) since rewrite host name locate in NGINX. Thanks a lot for your support.
@Hien_Truong - I accepted your answer as the solution. If any of the replies from @Kerry and @JRahm were part of that solution feel free to accept those as well - it is ok to select more than one. If something else should be chosen (other than yours) you can un-select my choice too.
