How to rewrite a path to a backend service dropping the prefix and passing the remaining path?
Hello, I am not sure whether my posting is appropriate in this area, so please delete it if there is a violation of posting rules... This must be a common task, but I cannot figure out how to do the following fanout rewrite in our nginx ingress: http://abcccc.com/httpbin/anything-> /anything (the httpbin backend service) When I create the following ingress with a path of '/' and send the query, I receive a proper response. curl -I -k http://abczzz.com/anything apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: mikie-ingress namespace: mikie spec: ingressClassName: nginx rules: - host: abczzz.com http: paths: - path: / pathType: Prefix backend: service: name: httpbin-service port: number: 8999 What I really need is to be able to redirect to different services off of this single host, so I changed the ingress to the following, but the query always fails with a 404. Basically, I want the /httpbin to disappear and pass the path onto the backend service, httpbin. curl -I -k http://abczzz.com/httpbin/anything apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: mikie-ingress namespace: mikie annotations: nginx.ingress.kubernetes.io/rewrite-target: /$2 spec: ingressClassName: nginx rules: - host: abczzz.com http: paths: - path: /httpbin(/|$)(.*) pathType: Prefix backend: service: name: httpbin-service port: number: 8999 Thank you for your time and interest, Mike
Rewrite http:// to https:// in response content
Problem this snippet solves: (Maybe I missed it, but) I didn't see a code share for using a STREAM profile to rewrite content from http to https. This share is just to make it easier to find a simple iRule to replace http:// links in page content to https://. It's taken directly from the STREAM::expression Wiki page. How to use this snippet: You'll need to assign a STREAM profile to you virtual server in order for this to work (just create an empty stream profile and assign it). Code : # Example which replaces http:// with https:// in response content # Prevents server compression in responses when HTTP_REQUEST { # Disable the stream filter for all requests STREAM::disable # LTM does not uncompress response content, so if the server has compression enabled # and it cannot be disabled on the server, we can prevent the server from # sending a compressed response by removing the compression offerings from the client HTTP::header remove "Accept-Encoding" } when HTTP_RESPONSE { # Check if response type is text if {[HTTP::header value Content-Type] contains "text"}{ # Replace http:// with https:// STREAM::expression {@http://@https://@} # Enable the stream filter for this response only STREAM::enable } } Tested this on version: 11.5
LTM Rewrite Profile for URI Translation
Anyone having success with this? I tried setting this up and cannot get it to work. My setup is a LTM VS with an APM policy applied. I created the rewrite profile from the LTM section and setup a URI/Server combination like: /SO_SO_IN --> https://backendserver.sample.com/my/new/uri/is/this I have an iRule setup for logging only and have events in to follow through the process. One of the events I have is the REWRITE_REQUEST_DONE and I never see it get triggered and the outgoing URL to the pool has the same host and uri in it. I am using this URL to get the image for the LTM/APM flow: https://devcentral.f5.com/articles/http-event-order-access-policy-manager Any thoughts for iRule logging to see if the rewrite profile is even being evaluated? I have set the APM log to debug and it looks like once it passes the ACL validation it passes straight back into the LTM. I have learned more about the F5 this week than I ever thought I would trying to figure this out and an issue with the LTM handing off to the APM when dealing with HTTP POST larger than around 64k.
Load Balance to FQDN Not Working
Hi All, I have an environment that is set up on my F5 using a combination of Rewrite Profiles and iRules to achieve a reverse proxy setup. This works well. I have a request to add an additional rewrite mapping but this time they want it to load balance to a FQDN in the cloud. The F5 is set up for DNS and I can add an FQDN pool which populates the ephemeral nodes, but these show down and I can never get them to come up despite DNS resolving them correctly. I have the URL rule added to the existing rewrite profile (client: /api/search/ server: /search/ and then an iRule that states: elseif { [string tolower [HTTP::uri]] starts_with "/api/search" } { pool ProxyPass_Pool_4 But I can't get the FQDN pool to function. What am I missing? Thanks!
URL Rewrite using local traffic policy
I am looking to use a local traffic policy instead of a iRule (if possible). We want to rewrite the URI portion of incoming requests as they are presented to the inside web host. Outside: https://www.domain.com/something/prod/something/something Inside: https://www.domain.com/something/something I see the action when creating a policy to REPLACE a portion of the URI. I set it to match "/prod" and replace "" blank field. I also tried to match "/something/prod" and replace with "/something". Neither option seems to work. Is this the correct way to handle this? What is the best way to see how it is getting rewritten if you do not have direct access to web server? Thanks!
Stream matched rewrite irule statistics
We have a rewrite irule that uses stream match to rewrite hostnames etc. For decomissioning purposes we woud like to generate a report showing which requests (urls) are using the irule and the results of rewrite. The report should have columns like matched, replacewith, fromURI, count when ACCESS_ACL_ALLOWED { #STREAM::disable #HTTP::header remove "Accept-Encoding" #log local0. "[IP::client_addr] is accessing and we are removing Accept-Encoding" } when CLIENT_ACCEPTED { ACCESS::restrict_irule_events enable } when HTTP_REQUEST { STREAM::disable HTTP::header remove "Accept-Encoding" set http_uri "https://[HTTP::host][HTTP::uri]" } when HTTP_RESPONSE { # Check if response type is text if {([HTTP::header value Content-Type] contains "text") || ([HTTP::header value Content-Type] contains "json")}{ STREAM::expression {@https?:\/\/([^\/\"]*\.)*city\.council\.com@replace_me@} # Enable the stream filter for this response only STREAM::enable } } when STREAM_MATCHED { #log local0. "Debug1: STREAM_MATCHED" set CHECK [class match -value [string tolower [STREAM::match]] starts_with URI_department.city.council.com_no_rewrite] if { $CHECK == "1" } { #log local0. "found exception for [STREAM::match]" STREAM::replace [STREAM::match] } else { set RE {https:\/\/([^\/\"]*\.)*city\.council\.com} set STRING "[string map {http:// https://} [STREAM::match]]" set SUBST "https://\\1department.city.council.com if {! ($STRING contains "intranett") } { # we need to insert intranett set STRING "[regsub -all $RE $STRING $SUBST ]" } #log local3. "[IP::client_addr]:[TCP::local_port]: matched: '[STREAM::match]', replaced with: '$STRING', from URI: $http_uri" STREAM::replace $STRING #if { ! ($STRING == [STREAM::match]) } { # } } }
Working without trailing slash in LTM rewrite profile URI rules
Hi, I am trying to implement simple reverse proxy with load balancing based on URI path. Here is the example: F5 VIP 1 listening to main.example.com:80 - default HTTP to HTTPS redirect iRule is applied F5 VIP 2 listening to main.example.com:443 App server 1 listening to foo.example.com:443 App server 2 listening to bar.example.com:443 App server 3 listening to portal.example.com:443 Rewriting rules and load balancing rules examples: https://main.example.com -> https://portal.example.com/src/portal/ (App server 3) https://main.example.com/aa/ -> https://foo.example.com/aa/ (App server 1) https://main.example.com/bb/cc/ -> https://foo.example.com/bb/cc/ (App server 1) https://main.example.com/dd/ -> https://bar.example.com/dd/ (App server 2) https://main.example.com/dd -> https://bar.example.com/dd/ (App server 2) So basically there are 3 different back end app servers, each listening on different virtual host, and client requests should be redirected to these servers based on the URI path, while the host part of the URL must also be rewritten in all headers and whole HTML content. End user must always see only main.example.com in their browser's address field. In prior TMOS versions there was the ProxyPass iRule used for such functionality. But since my case is not too complicated and I am running 11.6, there is a way to supplement ProxyPass functionality with build in features: LTM Rewrite profile and LTM policy. I do the necessary URI rewrite in rewrite profile via URI rules and request forward in LTM policy rules. Everything works just fine, except one small annoying thing. Users want to have the option to ignore the trailing slash in URI path when calling a default resource within a directory. So for example, they want to be able to call main.example.com/dd and get the default resource from the /dd/ directory. My problem is that LTM rewrite profile does not allow me to specify URI rules without a slash at the end of URI. And without it, the whole concept does not work. Because when the user calls main.example.com/dd, F5 does not match this request to any URI rewrite rules, hence the host part stays "main" instead of being rewritten to "bar". The LTM policy actually forwards the request to correct app server because in the LTM policy I am able to declare a condition "if URI path begins with /dd". But the app server 2 does not accept request for virtual host 'main'. So I get an error. And I cannot do the URL rewrite in LTM policy. I need to rewrite all links in headers, cookies and content, so I need to use LTM rewrite profile to accomplish all that. Also something like 'main.example.com/zz' can be a legitimate request for a file called 'zz' inside the root directory of app server. So the F5 needs to be able to rewrite also requests without trailing slash and catch the HTTP redirects, rewrite them accordingly also in HTTP responses. Blindly inserting '/' at the end of each request is hence not possible. Any idea would be much appreciated! Thanks.