Redirect TLS 1.1/1.2 clients & Append the incoming URL to the redirect target
This is probably simpler than I'm trying to accomplish. I can't seem to get it working unfortunately. Any assistance would be appreciated. Summary Goal is to trigger a redirect for TLS 1.1/1.2 clients andAppend the incoming URL to the redirect (Testing out just the redirect first before I add more criteria) Example Inbound HTTPS Request https://abc.com/URIexample/abc/login?service=https%3A%2F%2website.domain.com Redirect to HTTP(S) External Internet Site https://xyz.com/random/random/warn.html?source=https://aaa.domainexample.com/blah/login?service=https%3A%2F Detail on redirect Redirect to ----> add "source=" AND append source URI addingSolved1.6KViews0likes4Commentsirule uri traffic redirection failing
Hello team, I have to implement an irule to redirect traffic based on URL. So i made following code: when HTTP_REQUEST { if { [HTTP::uri] starts_with "/specialurl" } { snatpool /NAT_Outside pool /Apps_pool log local0. "[IP::client_addr] Ingreso a [HTTP::uri]" } } The irule works fine, but the owner of the application says that when the app (programed in ajax) call's another uri of the website, the service get stucked in the pool "/App_pool". I tried with ltm policy and have same behavior. Any one had have any similar case?Solved1.2KViews0likes8CommentsLTM Rewrite Profile for URI Translation
Anyone having success with this? I tried setting this up and cannot get it to work. My setup is a LTM VS with an APM policy applied. I created the rewrite profile from the LTM section and setup a URI/Server combination like: /SO_SO_IN --> https://backendserver.sample.com/my/new/uri/is/this I have an iRule setup for logging only and have events in to follow through the process. One of the events I have is the REWRITE_REQUEST_DONE and I never see it get triggered and the outgoing URL to the pool has the same host and uri in it. I am using this URL to get the image for the LTM/APM flow: https://devcentral.f5.com/articles/http-event-order-access-policy-manager Any thoughts for iRule logging to see if the rewrite profile is even being evaluated? I have set the APM log to debug and it looks like once it passes the ACL validation it passes straight back into the LTM. I have learned more about the F5 this week than I ever thought I would trying to figure this out and an issue with the LTM handing off to the APM when dealing with HTTP POST larger than around 64k.1.1KViews0likes10CommentsiRule Query String Match and Redirect
I seem to be having difficulty finding too much on this and maybe it is as simple as it is, I am looking to perform a URI match with a few particular query strings and redirect to another website if the request is found. I have found a few articles indicating using a datagroup but this seems a bit excessive for the task I am looking at. Example: https://www.thedomain.com/dir1/index.html?newpath=Name1 -> https://www.newdomain.com/dir1/index.html?newpath=Name1 Is this as simple as something like: when HTTP_REQUEST { if { ( [string tolower [HTTP::host]] equals "www.thedomain.com" ) and ( [string tolower [HTTP::uri]] ends_with "Name1" ) } { HTTP::redirect "http://www.newdomain.com[HTTP::uri]" } } Will the query string after the "?" be picked up and carried over with [HTTP::uri]?1.1KViews0likes3CommentsLTM - Proxypass for a single URI with content response rewrite
I'm trying to publish an internal website (xpto.company.local/originalfile.php) but I want to present it to the customer as xpto.company.com/index.php. I can do the URL rewrite (request and response) but i can't figure out how to rewrite the content so that the customer can call xpto.company.com/index.php?option=1 and the LTM forwards it to xpto.company.local/originalfile.php?option=1. I'm also having no luck rewritting the response from the server (payload) on the LTM to change the internal url's to external ones. I've looked into proxypass but all the documentation and examples only talk about folders and not files. Any help would be appreciated. The LTM is with v13.Solved956Views0likes2CommentsForward with specific URI to pool without changing URL
Hi, DevCentral community! I've been checking the forum and trying different answers from the community for other requests, but I haven't been able to do what I need to do, this is the scenario: The client wants to receive the content of http://abc.com/xyz-xyz when he accesses through http://abc.com In short, I need to forward the traffic to the pool with the URI /xyz-xyz but the URL has to be static as http://abc.com Could anyone help me with the iRule? when HTTP_REQUEST { if { ([HTTP::host] eq "abc.com") } { if { ([HTTP::uri] equals "/") } { HTTP::uri "/xyz-xyz" } pool Client-pool text } } Thank all of you for your help and your time!Solved741Views0likes3CommentsSorry page redirect
Im trying to set up an iRule that will redirect traffic to an IIS server when there are no active pool members. I have the basics working. However the sorry page will only display properly the first time if there is a uri. If the user refreshes the page or tries a different uri they get a 404. when HTTP_REQUEST { if { [active_members [LB::server pool]] < 1} { HTTP::uri "/" pool /ESI/solr.erp-pool } } How would i configure this irule to apply every time the user refreshes the page or hits the url again?739Views0likes8CommentsHTTP::uri causes malformed URI
We are using the HTTP::uri command in an iRule to set a prefix on the given URI, and following the prefix example given in the F5 official documentation shown here: https://clouddocs.f5.com/cli/tmsh-reference/latest/modules/ltm/ltm_rule_command_HTTP_uri.html The exact iRule we're using is this: when HTTP_REQUEST { set uri [string tolower [HTTP::uri]] if { $uri starts_with "/firstPath/" or $uri contains "/secondPath" }{ HTTP::uri /thirdPath[HTTP::uri] pool poolA } elseif { not ([HTTP::uri] starts_with "/otherPath") } { HTTP::uri /otherPath[HTTP::uri] pool poolB } } This works as expected, except one request from a single known source results in a bad URI. The elseif part that applies the prefix is the part that isn't working consistently. We've had this occur in two different environments across different LTMs on the same type of request. The provided request URL is something like: https://www.company.com/foo/bar We expect the URI to be rewritten as: /otherPath/foo/bar But in fact the rewritten URI ends up as: /otherPathhttps:/www.company.com/foo/bar This specific request is coming in as POST HTTP/1.0. I'm not a network engineer so I don't know if there's anything somewhere else on the LTM that would be affecting this type of request, or if there's something else this specific request could be hiding that would cause the iRule to behave this way. The LTMs are all running version 15.1.3.1.688Views0likes2CommentsWorking without trailing slash in LTM rewrite profile URI rules
Hi, I am trying to implement simple reverse proxy with load balancing based on URI path. Here is the example: F5 VIP 1 listening to main.example.com:80 - default HTTP to HTTPS redirect iRule is applied F5 VIP 2 listening to main.example.com:443 App server 1 listening to foo.example.com:443 App server 2 listening to bar.example.com:443 App server 3 listening to portal.example.com:443 Rewriting rules and load balancing rules examples: https://main.example.com -> https://portal.example.com/src/portal/ (App server 3) https://main.example.com/aa/ -> https://foo.example.com/aa/ (App server 1) https://main.example.com/bb/cc/ -> https://foo.example.com/bb/cc/ (App server 1) https://main.example.com/dd/ -> https://bar.example.com/dd/ (App server 2) https://main.example.com/dd -> https://bar.example.com/dd/ (App server 2) So basically there are 3 different back end app servers, each listening on different virtual host, and client requests should be redirected to these servers based on the URI path, while the host part of the URL must also be rewritten in all headers and whole HTML content. End user must always see only main.example.com in their browser's address field. In prior TMOS versions there was the ProxyPass iRule used for such functionality. But since my case is not too complicated and I am running 11.6, there is a way to supplement ProxyPass functionality with build in features: LTM Rewrite profile and LTM policy. I do the necessary URI rewrite in rewrite profile via URI rules and request forward in LTM policy rules. Everything works just fine, except one small annoying thing. Users want to have the option to ignore the trailing slash in URI path when calling a default resource within a directory. So for example, they want to be able to call main.example.com/dd and get the default resource from the /dd/ directory. My problem is that LTM rewrite profile does not allow me to specify URI rules without a slash at the end of URI. And without it, the whole concept does not work. Because when the user calls main.example.com/dd, F5 does not match this request to any URI rewrite rules, hence the host part stays "main" instead of being rewritten to "bar". The LTM policy actually forwards the request to correct app server because in the LTM policy I am able to declare a condition "if URI path begins with /dd". But the app server 2 does not accept request for virtual host 'main'. So I get an error. And I cannot do the URL rewrite in LTM policy. I need to rewrite all links in headers, cookies and content, so I need to use LTM rewrite profile to accomplish all that. Also something like 'main.example.com/zz' can be a legitimate request for a file called 'zz' inside the root directory of app server. So the F5 needs to be able to rewrite also requests without trailing slash and catch the HTTP redirects, rewrite them accordingly also in HTTP responses. Blindly inserting '/' at the end of each request is hence not possible. Any idea would be much appreciated! Thanks.672Views0likes1Comment