Forum Discussion

MohanK's avatar
MohanK
Icon for Altostratus rankAltostratus
Apr 21, 2021

Reverse Proxy using Cookie in iRule or Policy

Hello,

 

We need to add below irules/policy for google cloud reverse proxy:

 

1. The application will drop a cookie on the first request of https://abc.site.com

2. The LTM needs to detect this cookie when it intercepts the request. based on the cookie the request needs to be reverse proxy to a google cloud URL without changing the actual application URL.

 

Example:

Cookie name: Experience.

 

1. If the cookie exist:

 

abc.site.com -> def.site.com/home

 

Note: the URL in the browser should still be https://abc.site.com

 

2. If the cookie doesn't exist

 

https://abc.site.com no changes

  • Create a pool for Google Cloud destination. Modify iRule with pool name accordingly.

    when HTTP_REQUEST {    
        if { ( [HTTP::cookie exists Experience] ) } {
         HTTP::header replace "Host" "def.site.com"	
         HTTP::uri /home
         pool def.site.com_pool	 
        }  else {
    	 return
    	}      
    }   
  • Create a pool for Google Cloud destination. Modify iRule with pool name accordingly.

    when HTTP_REQUEST {    
        if { ( [HTTP::cookie exists Experience] ) } {
         HTTP::header replace "Host" "def.site.com"	
         HTTP::uri /home
         pool def.site.com_pool	 
        }  else {
    	 return
    	}      
    }   
    • MohanK's avatar
      MohanK
      Icon for Altostratus rankAltostratus

      Awesome! Thank you Sanjay. I'll Test and get back to you :)

    • MohanK's avatar
      MohanK
      Icon for Altostratus rankAltostratus

      Sanjay,

       

      At this moment I'm selecting, this as a best answer.

      I also have one more query - Pool member is going to be an external VIP Address, does it respond to health monitor just like all other server node ?

    • MohanK's avatar
      MohanK
      Icon for Altostratus rankAltostratus

      This rule worked, as exactly what we expected, I have added few other parameters for the special requirement. Thank you so much again, Sanjay :)

  • Sanjay, actually https://def.site.com/home is external url, so we don’t have any pool internally. Can I just remove only the pool part from the above iRule to forward to an external url ? Or is there any other condition to add ?

    • spalande's avatar
      spalande
      Icon for Nacreous rankNacreous

      To forward to that destination without modifying a original URL, you need to add the pool or node.

      I understand, you might not have a pool currently, but you would need to create a pool with the site IP address and enable routing (if needed) and open FW.

      Alternatively, you can just send a redirect to a client to that external URL, but it would change the URL and your requirement is to keep the original URL intact in the browser if I understand it correctly.​

  • Yes, your understanding is correct!

     

    I believe first option is more complex. I would try to insist for the second option.

     

    Thank you so much for the quick reply, I’ll check with the team, how they would like to implement.

     

    • spalande's avatar
      spalande
      Icon for Nacreous rankNacreous

      Do you have any issues with iRule for option#1? Once you open the connectivity from F5 to external site on port 443, it should work. If you got any specific issues let us know.

      In case you want to go ahead with option#2 of issuing a redirect to client. Below would be the iRule.

      when HTTP_REQUEST {    
          if { ( [HTTP::cookie exists Experience] ) } {
           HTTP::respond 301 Location "https://def.site.com/home"
          }  else {
      	 return
      	}      
      }   

  • The First iRule you provided pretty match with our requirement except the pool pointing, which I believe difficult to solve by enabling routing, I’ll try to look at the routing part and firewall and see if that possible to fix, which I meant more complex not your iRule 😊 and thank you for the redirect iRule as well.

     

    Yes, I’ll definitely let you know the outcome, most probably we will try this coming week or next.