
Source IP redirect, change host, uri and change to 443

phipse
Altostratus

 

I'm using BIG-IP LTM

 

I have a VIP on port 4001 taking external connections, this goes to a pool with a client SSL cert.

 

I am trying to "route" to a different destination based on the source IP address. However, I need to manipulate the uri as well.

 

I have tried this via an iRule, but looking at the forum people are saying just use the policies section of the F5.

 

I am a network engineer by trade and I very rarely get this deep into LTM. Please can you assist? I have outputs from what I have tried below.

 

I have run packet captures and see that the request does forward, but in plain text (iRule output), so I have tried to encrypt it before sending it to the destination, but I don't think I'm doing it right.

 

pool_RTS_Azure = dev.api.comany.com:443

pool_RTS_4001 is the default pool

pool_RTS is the same as pool_RTS_4001

 

0691T000009jReZQAU.jpg 

 

 

0691T000009jRbRQAU.jpg 

 

 

0691T000009jReeQAE.jpg 

 

 

0691T000009jRcyQAE.jpg

5 REPLIES

Lidev
MVP

Hi phipse,

 

If you want to re-encrypt traffic on the server side by initiating a new SSL connection between the F5 BIG-IP and the web server, add an SSL profile (Server) on your Virtual Server, e.g. serverssl.

Despite this, all configuration seems OK.

 

Regards

 

Hi Lidev,

 

This isn't working. With the iRule I can not change the host entry in the URI, it just forwards the request as it is to the pool. However, the policy does seem to work, but I receive an error back from the Azure server, like it's receiving a GET request rather than a POST.

 

Thank you

Sorry, I didn't specify that I just looked at the LTM policy part. I'm not a big fan of iRules; I prefer to go through an LTM policy when I have a choice.

For the HTTP method issue, it's necessary either to adjust the HTTP methods on the backend server or to modify the sent requests.

Am I right in using the ssl server part? Something doesn't feel right as we don't normally use it on our VIPs.

We're sending the body as a POST request.

It depends on what you want to do with the TLS/SSL traffic.

 

SSL Offloading (clientssl profile/no serverssl profile on virtual server) terminates SSL at the F5 and the server side traffic is non-encrypted.

SSL Bridging (clientssl profile and serverssl profile on virtual server) terminates SSL at the F5 and then re-encrypts traffic to the server side.
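
The per-source routing asked about in this thread, combined with the offloading/bridging distinction above, as an added iRule example that is not from any poster in the thread. It assumes the virtual server has an HTTP profile, a Client SSL profile and a Server SSL profile attached, that the default pool expects unencrypted traffic, and it uses 203.0.113.0/24 and /example-prefix as constructed placeholders for the source range and URI change, which the thread does not give.

```tcl
# Added example, not from the thread.
# Assumptions: HTTP, Client SSL and Server SSL profiles are attached to the
# virtual server; pool_RTS_4001 members expect plain HTTP (assumption);
# pool_RTS_Azure members listen on 443 and expect TLS.
# If the backend requires SNI, set Server Name in the Server SSL profile.
when HTTP_REQUEST {
    # 203.0.113.0/24 is a constructed placeholder for the source range.
    if { [IP::addr [IP::client_addr] equals 203.0.113.0/24] } {
        # Rewrite in place: the method and body are forwarded unchanged,
        # only the Host header and request URI differ on the server side.
        HTTP::header replace Host "dev.api.comany.com"
        # /example-prefix is a constructed placeholder for the URI change.
        HTTP::uri "/example-prefix[HTTP::uri]"
        # Bridging for this destination: re-encrypt towards the pool.
        SSL::enable serverside
        pool pool_RTS_Azure
    } else {
        # Offloading for everyone else: TLS ends at the BIG-IP.
        SSL::disable serverside
        pool pool_RTS_4001
    }
}
```

Because the decision depends only on the client address, every request on one client connection takes the same branch. A server-side packet capture confirms the result: the Azure-bound flow should show a TLS handshake rather than readable HTTP.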