cancel
Showing results for 
Search instead for 
Did you mean: 

Working without trailing slash in LTM rewrite profile URI rules

Martin_Vlasko
Altocumulus
Altocumulus

Hi,

 

I am trying to implement simple reverse proxy with load balancing based on URI path. Here is the example:

 

  • F5 VIP 1 listening to main.example.com:80 - default HTTP to HTTPS redirect iRule is applied
  • F5 VIP 2 listening to main.example.com:443
  • App server 1 listening to foo.example.com:443
  • App server 2 listening to bar.example.com:443
  • App server 3 listening to portal.example.com:443

Rewriting rules and load balancing rules examples:

 

  1. https://main.example.com -> https://portal.example.com/src/portal/ (App server 3)
  2. https://main.example.com/aa/ -> https://foo.example.com/aa/ (App server 1)
  3. https://main.example.com/bb/cc/ -> https://foo.example.com/bb/cc/ (App server 1)
  4. https://main.example.com/dd/ -> https://bar.example.com/dd/ (App server 2)
  5. https://main.example.com/dd -> https://bar.example.com/dd/ (App server 2)

So basically there are 3 different back end app servers, each listening on different virtual host, and client requests should be redirected to these servers based on the URI path, while the host part of the URL must also be rewritten in all headers and whole HTML content.

 

End user must always see only main.example.com in their browser's address field.

 

In prior TMOS versions there was the ProxyPass iRule used for such functionality. But since my case is not too complicated and I am running 11.6, there is a way to supplement ProxyPass functionality with build in features: LTM Rewrite profile and LTM policy.

 

I do the necessary URI rewrite in rewrite profile via URI rules and request forward in LTM policy rules.

 

Everything works just fine, except one small annoying thing.

 

Users want to have the option to ignore the trailing slash in URI path when calling a default resource within a directory. So for example, they want to be able to call main.example.com/dd and get the default resource from the /dd/ directory.

 

My problem is that LTM rewrite profile does not allow me to specify URI rules without a slash at the end of URI.

 

And without it, the whole concept does not work. Because when the user calls main.example.com/dd, F5 does not match this request to any URI rewrite rules, hence the host part stays "main" instead of being rewritten to "bar". The LTM policy actually forwards the request to correct app server because in the LTM policy I am able to declare a condition "if URI path begins with /dd". But the app server 2 does not accept request for virtual host 'main'. So I get an error.

 

And I cannot do the URL rewrite in LTM policy. I need to rewrite all links in headers, cookies and content, so I need to use LTM rewrite profile to accomplish all that.

 

Also something like 'main.example.com/zz' can be a legitimate request for a file called 'zz' inside the root directory of app server. So the F5 needs to be able to rewrite also requests without trailing slash and catch the HTTP redirects, rewrite them accordingly also in HTTP responses. Blindly inserting '/' at the end of each request is hence not possible.

 

Any idea would be much appreciated!

 

Thanks.

 

1 REPLY 1

Stanislas_Piro2
Cumulonimbus
Cumulonimbus

Hi,

 

in HTTP, https://main.example.com/dd and https://main.example.com/dd/ are not the same and must not be handled with same behavior.

 

If you rewrite https://main.example.com/dd to https://bar.example.com/dd/ and there is a relative link like a href=logo.png with real path https://bar.example.com/dd/logo.png, the client will request https://bar.example.com/logo.png because of this rewrite.

 

If you want https://main.example.com/dd to be rewritten to https://bar.example.com/dd/, the best solution is to add a policy rule which redirect /dd to /dd/. it will next match the rewrite rule.