Forum Discussion
Reverse Proxy using Cookie in iRule or Policy
Hello,
We need to add below irules/policy for google cloud reverse proxy:
1. The application will drop a cookie on the first request of https://abc.site.com
2. The LTM needs to detect this cookie when it intercepts the request. based on the cookie the request needs to be reverse proxy to a google cloud URL without changing the actual application URL.
Example:
Cookie name: Experience.
1. If the cookie exist:
abc.site.com -> def.site.com/home
Note: the URL in the browser should still be https://abc.site.com
2. If the cookie doesn't exist
https://abc.site.com no changes
Create a pool for Google Cloud destination. Modify iRule with pool name accordingly.
when HTTP_REQUEST { if { ( [HTTP::cookie exists Experience] ) } { HTTP::header replace "Host" "def.site.com" HTTP::uri /home pool def.site.com_pool } else { return } }
- spalandeNacreous
Create a pool for Google Cloud destination. Modify iRule with pool name accordingly.
when HTTP_REQUEST { if { ( [HTTP::cookie exists Experience] ) } { HTTP::header replace "Host" "def.site.com" HTTP::uri /home pool def.site.com_pool } else { return } }
- MohanKAltostratus
Awesome! Thank you Sanjay. I'll Test and get back to you :)
- MohanKAltostratus
Sanjay,
At this moment I'm selecting, this as a best answer.
I also have one more query - Pool member is going to be an external VIP Address, does it respond to health monitor just like all other server node ?
- MohanKAltostratus
This rule worked, as exactly what we expected, I have added few other parameters for the special requirement. Thank you so much again, Sanjay :)
- MohanKAltostratus
Sanjay, actually https://def.site.com/home is external url, so we don’t have any pool internally. Can I just remove only the pool part from the above iRule to forward to an external url ? Or is there any other condition to add ?
- spalandeNacreous
To forward to that destination without modifying a original URL, you need to add the pool or node.
I understand, you might not have a pool currently, but you would need to create a pool with the site IP address and enable routing (if needed) and open FW.
Alternatively, you can just send a redirect to a client to that external URL, but it would change the URL and your requirement is to keep the original URL intact in the browser if I understand it correctly.
- MohanKAltostratus
Yes, your understanding is correct!
I believe first option is more complex. I would try to insist for the second option.
Thank you so much for the quick reply, I’ll check with the team, how they would like to implement.
- spalandeNacreous
Do you have any issues with iRule for option#1? Once you open the connectivity from F5 to external site on port 443, it should work. If you got any specific issues let us know.
In case you want to go ahead with option#2 of issuing a redirect to client. Below would be the iRule.
when HTTP_REQUEST { if { ( [HTTP::cookie exists Experience] ) } { HTTP::respond 301 Location "https://def.site.com/home" } else { return } }
- MohanKAltostratus
The First iRule you provided pretty match with our requirement except the pool pointing, which I believe difficult to solve by enabling routing, I’ll try to look at the routing part and firewall and see if that possible to fix, which I meant more complex not your iRule 😊 and thank you for the redirect iRule as well.
Yes, I’ll definitely let you know the outcome, most probably we will try this coming week or next.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com