Missing Certificate after redirect
We have a requirement for any calls coming into https://abc.comto be redirected to Azure APIM https://apim-xyz.com/api A simple following rule has been setup in F5 for calls coming intohttps://abc.com when HTTP_REQUEST { HTTP::respond 307 Location "https://apim-xyz.com/api" } But the problem we are facing is with client certificate. After the redirect, the client certificate is no longer available and new URL"https://apim-xyz.com/api"is not able to validate the request. We have no control over the client. We can control F5, redirect and server. Any help would be greatly appreciated.F5 redirect
Hi! I have 2 F5s active standby clusterBIG-IP 16.1.3 build 0.0.12 and I have a VServer called: xyz.acme.com:443. It's public internet facing, with public cert imported as a server profile - works fine. Now I got a request to have this VServer under 2 urls: xyz.acme.com z.acme.com We did DNS alias - this works fine butI have cert only for the first one. The business does not want to buy another cert for the 2nd url if possible (let's encrypt, and other like this are out of the question). Is it possible to do redirect from z.acme.com to xyz.acme.com without buying new cert?
ProxyPass Appending "/" to URI 404 Error
Hey All, Need a bit of assistance here, thinking this should be an easy fix but I can't figure it out. Testing out the ProxyPass iRule so that when the end users enters a URL they get redirected but the URL remains the same from their perspective. ProxyPass is working but it's appending a "/" at the end of the URI and that path isn't on the server. Here are the debug logs: Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : devpasswordreset.environment.dev_443: 10.10.10.10:55759 -> 172.30.25.84:443 Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : VS=devpasswordreset.environment.dev_443, Host=devpasswordreset.environment.dev, URI=/: Found Rule, Client Host=devpasswordreset.environment.dev, Client Path=, Server Host=devpasswordreset.environment.dev, Server Path=/rdweb/pages/en-us/devpassword.aspx Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : VS=devpasswordreset.environment.dev_443, Host=devpasswordreset.environment.dev, URI=/: Using default pool devpasswordreset.environment.dev_80 Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : VS=devpasswordreset.environment.dev_443, Host=devpasswordreset.environment.dev, URI=/: New Host=devpasswordreset.environment.dev, New Path=/rdweb/pages/en-us/devpassword.aspx/ Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : VS=devpasswordreset.environment.dev_443, Host=devpasswordreset.environment.dev, URI=/: Removed Accept-Encoding header Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : VS=devpasswordreset.environment.dev_443, Host=devpasswordreset.environment.dev, URI=/: 404 response from devpasswordreset.environment.dev_80 172.30.26.98 80 Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : VS=devpasswordreset.environment.dev_443, Host=devpasswordreset.environment.dev, URI=/: $stream_expression_cmd: STREAM::expression "@devpasswordreset.environment.dev/rdweb/pages/en-us/devpassword.aspx@devpasswordreset.environment.dev@ @/rdweb/pages/en-us/devpassword.aspx@@", $stream_enable_cmd: STREAM::enable Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : VS=devpasswordreset.environment.dev_443, Host=devpasswordreset.environment.dev, URI=/: Successfully configured and enabled stream filter Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : VS=devpasswordreset.environment.dev_443, Host=devpasswordreset.environment.dev, URI=/: Checking Location=, $protocol= Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : VS=devpasswordreset.environment.dev_443, Host=devpasswordreset.environment.dev, URI=/: Checking Content-Location=, $protocol= Mar 6 22:51:39 local/tmm info tmm[4929]: Rule devpasswordreset.environment.dev : VS=devpasswordreset.environment.dev_443, Host=devpasswordreset.environment.dev, URI=/: Checking URI=, $protocol= Here's a packet capture of the server side: Is there anything I need to tweak to keep this from happening? Thanks, BrianSimple Logout redirect irule
I have some sites that I need to redirect to an external URL. I have figured that out with an irule when HTTP_REQUEST { HTTP::redirect "https://OTHERSITE.com[HTTP::uri]" } On the external sites there is a "logout" button and that needs to hit a static web page that I have set up on the BIG-IP. So if a user goes to www.example.com they get redirected to www.othersite.com. While on www.othersite.com if they click logout it sends them back to www.example.com/Logout.html. I setup an irule and applied it to the same virtual server above the first redirect iRule. My thought is that the "www.example.com/Logout.html" is a specific URL so if the F5 sees that then to redirect it to the apology page, but if it sees anything else to just send it to the "OTHERSITE.COM" url. I'm sure I'm missing something but here's my other irule. when HTTP_REQUEST { if { ([HTTP::host] equals "http://example.com/Logout.html") } { "/generic_apology_pic.jpg" { HTTP::respond 200 content [ifile get "generic_apology_pic.jpg"] } default { HTTP::respond 200 content [ifile get "generic_apology.htm"] } } } } I probably wrote this as confusing as possible, but very simply I need to redirect all traffic to www.example.com to www.othersite.com, unless it's going to www.example.com/Logout.html, at which point I need to display a page that is hosted on the F5. Thanks in advance, David301 Redirect Using Data Group External File
This should be easy...and I see some posts on it, but I can't seem to get it to work. We were given a list of hundreds of URL's that need 301 redirects. The host and URI in most cases is entirely different and unique so I can't just wildcard a redirect for everything to a single destination. example: https://oldsite.com/pdf/111 --> http://newsite.com/doc/222 https://oldsite.com/jpg/222 --> http://newsite.com/bmp/111 etc. I have all of the old site to new site mappings and I read another post that said I should create an external data group as a string that has := as the separator, so I have a datagroup called "testuri" and it looks like this: "; := "; And I have an irule that says: when HTTP_REQUEST { if {[set code_url [class match -value -- [string tolower [HTTP::host][HTTP::uri]] equals testuri]] ne ""}{ HTTP::respond [getfield code_url " " 1] Location [getfield code_url " " 2] } } ...but it doesn't work. In the end all I need is an irule that looks for the inbound request and if it's in the data group then returns the new value that it should be mapped to. This seems simple, but it's turning not to be as simple as I had hoped.
iRule Query String Match and Redirect
I seem to be having difficulty finding too much on this and maybe it is as simple as it is, I am looking to perform a URI match with a few particular query strings and redirect to another website if the request is found. I have found a few articles indicating using a datagroup but this seems a bit excessive for the task I am looking at. Example: https://www.thedomain.com/dir1/index.html?newpath=Name1 -> https://www.newdomain.com/dir1/index.html?newpath=Name1 Is this as simple as something like: when HTTP_REQUEST { if { ( [string tolower [HTTP::host]] equals "www.thedomain.com" ) and ( [string tolower [HTTP::uri]] ends_with "Name1" ) } { HTTP::redirect "http://www.newdomain.com[HTTP::uri]" } } Will the query string after the "?" be picked up and carried over with [HTTP::uri]?URL redirection with retaining the original on browsers
Hi All, I have a requirement whereby the user would try to access www.test.com but it needs to be redirected to www.test.abc.com, which is hosted in our environment. Business doesn't want to publish our brand name abc.com and therefore requested to retain only www.test.com in end user browsers. Is there a way to achieve this using iRules ? Quick response is highly appreciated. Thanks in advance, Sai
