Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

URL Browser Mask/Hide with redirect

mj16othman
Altostratus
Altostratus

‎06-Dec-2022 11:04

 

Hello,

 

I have a URL forex.mycomp.com:443/forex this URL use some Users. 

 

to get access on sap10.company.comany.de:8445/forex on the realserver, now what I want to do is to display in the browser just forex.mycomp.com:443/forex and not to switch to sap10.company.comany.de:8445/forex, I did try to figure out, for example with the proxy pass iRule, but these are really complex things and I need help, maybe I could get a easy example iRule from someone which resolve my wishes. Other thing is I know that this use case didn't work together with a redirect ! So I search for a GOOD answer how can I solve this topic. I hope for a example iRule maybe from a User with a big knowledge in iRules, more than mine. It is all https traffic and a valid certificate is inside the VS.

0 Kudos
3 REPLIES 3

Mohamed_Ahmed_Kansoh
MVP
MVP

‎06-Dec-2022 13:47

Hi @mj16othman , 
Do you have any iRule peforms this redirection , or any other hop in your network may do this redirection ? 

Look to this issue , it is very similar to your issue : 


https://community.f5.com/t5/technical-forum/url-browser-mask-hide-with-redirect/td-p/229367

Could you please clarify more 

_______________________
Regards
Mohamed Kansoh
0 Kudos

Paulius
MVP
MVP

‎06-Dec-2022 21:42

I believe the following could be your solution but you need to make sure you have a pool configured named POOL-sap10-8445 with the appropriate pool members in it listening on port 8445 this way you don't have to feed a port location in the HOST field of the HTTP request.

 

when CLIENT_ACCEPTED {

    set DEFAULT_POOL [LB::server pool]

}

when HTTP_REQUEST {

    set HOST [string tolower [HTTP::host]]
    set URI [string tolower [HTTP::uri]]

    if { (($HOST eq "forex.mycomp.com") and ($URI eq "/forex")) } {

        set SERVER_HOST [string map -nocase { "forex.mycomp.com" "sap10.company.comany.de"} [HTTP::host]]
        
        HTTP::host $SERVER_HOST
        pool POOL_sap10_8445

    } else {
        $DEFAULT_POOL
    }

}

 This configuration also assumes that you have a default pool configured on your virtual server so that any request not matching what you are concerned with goes to that pool.

0 Kudos

Kai_Wilke
MVP
MVP

‎07-Dec-2022 06:09

Hi mj16othman,

as you already mentioned: Rewriting HTTP requests/responses and/or HTTP response payload becoming tricky, depending where the internal URLs are embedded. You can easily spend dozends of hours to figure out (slightly broken) application logic and rewrite HTTP request/responses as needed using LTM Policies or iRules.

Before you get angry or mad you may try two things:

1.) Contact the vendor/developer of the Web application and ask them: a.) If the web application can be adjusted to that it does not care which HOST-Name was used when accessing it? And b.) If site-internal redirects or internal URL references can be switched to "relative" URLs (aka. href="/somepath" instead of href="prot://hostname:port/somepath"). This is probably the best approach to solve your problem, since the web application itself would fix thier own issues.

2.) Try to use LTMs rewrite profiles to translate external/internal URIs. Compared to iRule based solutions, those rewrite profiles are easy to setup and may already solve your issues. You may still need to add some iRule code for edge cases where the rewrite profile was unable to translate. But lets see first...     

Below is a LTM config you can use as starting point...

ltm profile rewrite HTTP_Rewrite_Forex {
    app-service none
    bypass-list none
    client-caching-type cache-css-js
    defaults-from rewrite
    java-ca-file ca-bundle.crt
    java-crl none
    java-sign-key default.key
    java-sign-key-passphrase-encrypted none
    java-signer default.crt
    location-specific false
    request {
        insert-xforwarded-for enabled
        insert-xforwarded-host disabled
        insert-xforwarded-proto disabled
        rewrite-headers enabled
    }
    response {
        rewrite-content enabled
        rewrite-headers enabled
    }
    rewrite-list none
    rewrite-mode uri-translation
    split-tunneling false
    uri-rules {
        uri_1670420647794 {
            client {
                host forex.mycomp.com
                path /
                scheme https
            }
            server {
                host sap10.company.comany.de
                path /
                port 8445
                scheme https
            }
        }
    }
}
ltm profile html HTML_Rewrite_Forex {
    app-service none
    content-detection enabled
    content-selection { text/html text/xhtml }
    defaults-from html
    description none
}

Import/Rebuild the profiles into your config, then select both profiles on the VS hosting the Ferox application.

Kai_Wilke_0-1670422093137.png

HTH and Cheers, Kai


iRule can do… 😉
0 Kudos
Copyright © 2023 Khoros, LLC