Forum Discussion

Mayank's avatar
Mayank
Icon for Nimbostratus rankNimbostratus
Jul 15, 2019

F5 redirect context path to APACHE Web Server.

Hi there,

 

I’m assisting one of my customer to integrate our software with F5.

 

I was told that currently, F5 is configured using the Context Path (/abc) which redirect to my application’s APACHE Web Server (abc.com.au). We are not getting much help from customer’s F5 team as was told too difficult to configure iRule in F5.

 

F5 is configured as below:

e.g. https://example.com.au/abc - > https://abc.com.au:443

 

My abc.com.au Application is installed and configured based on abc.com.au (APACHE and TOMCAT) host name.

 

So to login to my abc.com.au application end user uses https://example.com.au/abc/login (/login is my application’s context path)

 

Now, back end APACHE is configured as below which make a connection to TOMCAT:

 

ProxyPass /login balancer://abc.com.au_Cluster/login

ProxyPassReverse /login balancer://172.31.16.26_Cluster/login

 

<Proxy balancer://abc.com.au_Cluster>

BalancerMember http://abc.com.au:8080 route=eda9a7ffce499a0ce772f6bef06f84be_Server1

ProxySet scolonpathdelim=on stickysession=eda9a7ffce499a0ce772f6bef06f84be_Cluster

</Proxy>

 

Since in header original request (https://example.com.au/abc/login) is passed to my application’s Web APACHE server; my application does not like it since all configurations are based on abc.com.au.

 

So in F5 is there a way to Rewrite the Request header or any other options from https://example.com.au/abc/login to https://abc.com.au/login  so my application “abc.com.au” only see Request is coming from  https://abc.com.au but not from https://example.com.au and end users browser only see F5 URL (https://example.com.au).

 

We have achieved similar requirements in Ngnix using below rule somewhere else:

 

 

#If using https, use block below

server  {

  listen  443 ssl;   # Proxy traffic

  server_name  example.com.au;

  ssl  on;

  if ($is_denied){

      return 404;

  }

  location  / {

    return  404;

  }

  location  /abc/login {

    proxy_pass  https://abc.com.au/login/;

  }

}

 

Thank you for your assistance.

 

 

 

application delivery
if
iRules

11 Replies

Sort By
  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Jul 15, 2019

    I would fix it on Apache, with something like the following:

    <VirtualHost *:80>
    ServerName example.com.au
    DocumentRoot "/xxx/xxx"
 
    ProxyPass /abc/login balancer://abc.com.au_Cluster/login
    ProxyPassReverse /abc/login balancer://172.31.16.26_Cluster/login
 
    <Proxy balancer://abc.com.au_Cluster>
    BalancerMember http://abc.com.au:8080 route=eda9a7ffce499a0ce772f6bef06f84be_Server1
    ProxySet scolonpathdelim=on stickysession=eda9a7ffce499a0ce772f6bef06f84be_Cluster
    </Proxy>
</VirtualHost>

    .

    • Mayank's avatar
      Mayank
      Icon for Nimbostratus rankNimbostratus
      Jul 15, 2019

      Thanks for your reply.

       

      Actually, F5 redirects using context path /abc and Web server in internal zone (and doesn't have access to external DNS server) can not resolve to F5 example.com.

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Jul 15, 2019

    Not sure about your topology now. Where exactly should example.com be hosted?

    • Mayank's avatar
      Mayank
      Icon for Nimbostratus rankNimbostratus
      Jul 16, 2019

      example.com is a A Record of F5 VIP. Customer uses example,com for multiple applications and redirect specific application using the application specific context path in F5 -

      e.g.

      https://example.com/abc -> F5 redirect to abc application web server -> https://abc.com

      https://example.com/xyz -> F5 redirect to xyz application web server -> https://xyz.com

       

      To access specific application; users enter F5 VIP with Context Path i.e. https://example.com/<Application Context Path>

  • iaine's avatar
    iaine
    Icon for Nacreous rankNacreous
    Jul 16, 2019

    Hi

    If I've read your post correctly, you want to change the HTTP Host header and also remove the leading /abc from the URI. If so, something like this would do it...

    when HTTP_REQUEST {
	if {[HTTP::host] contains "example.com.au" } {
	if {[HTTP::uri] starts_with "/abc/" } {
	HTTP::uri [string range [HTTP::uri] 4 end]
	}
	HTTP::header replace Host "abc.com.au"
}
}

    In your Nginx snippet, you are also returning a 404 if you browse to root (/) - do you want to have this functionality as well?

    • Mayank's avatar
      Mayank
      Icon for Nimbostratus rankNimbostratus
      Jul 16, 2019

      Correct. So above rule would remove just "/abc" context path from URL but leave the application specific context path (/login)?

       

      e.g. https://example.com.au/abc/login - > https://abc.com.au/login

       

      Also, I don't want to return the default page if anyone browse to root (/).

       

      Thank you.

  • iaine's avatar
    iaine
    Icon for Nacreous rankNacreous
    Jul 17, 2019

    Yep, before the request is passed to the web server, the /abc get stripped off and the host header gets changed.

    To send a 404 back to the client when browsing to /, the following will do it. You can pimp this up as much as you need to

    when HTTP_REQUEST {
	
	if {[HTTP::uri] equals "/"} {
	HTTP::respond 404 content "<HTML><BODY>404 Page Not Found</BODY></HTML>" noserver
	return
	}
	
	if {[HTTP::host] contains "example.com.au" } {
	if {[HTTP::uri] starts_with "/abc/" } {
	HTTP::uri [string range [HTTP::uri] 4 end]
	}
	HTTP::header replace Host "abc.com.au"
}
}
  • Mayank's avatar
    Mayank
    Icon for Nimbostratus rankNimbostratus
    Jul 18, 2019

    We tried the iRule in F5 which stripped off the /abc and rewrite the Header (from example.com.au to abc.com.au) but then end users browser redirect to https://abc.com.au instead https://example.com.au and due to mismatch of server name web server throws Internal Server error.

     

    Thanks.

  • iaine's avatar
    iaine
    Icon for Nacreous rankNacreous
    Jul 18, 2019

    So I'm guessing your application is using absolute paths when sending a redirect rather than relative paths? If so, you can either remedy this using the HTTP profile or in code. To add to the code that you've currently got, it would look something like this

    when HTTP_REQUEST {
	
	if {[HTTP::uri] equals "/"} {
	HTTP::respond 404 content "<HTML><BODY>404 Page Not Found</BODY></HTML>" noserver
	return
	}
	
	if {[HTTP::host] contains "example.com.au" } {
	if {[HTTP::uri] starts_with "/abc/" } {
	HTTP::uri [string range [HTTP::uri] 4 end]
	}
	HTTP::header replace Host "abc.com.au"
}
}
 
when HTTP_RESPONSE {
  if { [HTTP::is_redirect] }{
    HTTP::header replace Location [string map {"abc.com.au" "example.com.au"} [HTTP::header Location]]
  }
}

    There's good article here if you want to look at both options

  • Mayank's avatar
    Mayank
    Icon for Nimbostratus rankNimbostratus
    Jul 19, 2019

    its a mix...a great deal of pages use relative paths...but some apps have absolute paths - where-in paths are derived from Metadata and database.

  • iaine's avatar
    iaine
    Icon for Nacreous rankNacreous
    Jul 19, 2019

    OK, so the above code is just doing a string match and replace on the redirects....were you able to try it?