Source IP redirect, change host, uri and change to 443

Question

&nbsp;I'm using BIG-IP LTM&nbsp;I have a VIP on port 4001 taking external connections, this goes to a pool with a client SSL cert.&nbsp;I am trying to "route" to a different destination based on the source IP address. However, I need to manipulate the uri as well.&nbsp;I have tried this via an iRule, but looking at the forum people are saying just use the policies section of the F5.&nbsp;I am a network engineer by trade and I very rarely get this deep into LTM. Please can you assist? I have outputs from what I have tried below.&nbsp;I have run packet captures and see that the request does forward, but in plain text (iRule output), so I have tried to encrypt it before sending it to the destination, but I don't think I'm doing it right.&nbsp;pool_RTS_Azure = dev.api.comany.com:443pool_RTS_4001 is the default poolpool_RTS is the same as pool_RTS_4001&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

lidev · Answer

Hi phipse,&nbsp;If you want to re-encrypts traffic on the server side by initiating a new SSL connection between the F5 BIG-IP and the web server add a SSL profile (Server) on your Virtual Server, eg severssl.Despite this, all configuration seems OK.&nbsp;Regards&nbsp;

phipse · Answer

Hi Lidev,&nbsp;This isn't working.  With the iRule I can not change the host entry in the URI, it just forwards the request as it is to the pool.  However, the policy does seem to work, but I receive an error back from the Azure server, like it's receiving a GET request rather than a POST.&nbsp;Thank you

lidev · Answer

Sorry, I didn't specify that I just looked at the LTM policy part. I'm not a big fan of iRules, i prefer to go through an LTM policy when I have a choice.for HTTP method issue, it's necessary either to adjust the HTTP methods on the backend server or to modify the sent requests.

phipse · Answer

Am I right in using the ssl server part?  Something doesn't feel right as we don't normally use it on our VIPs.We're sending the body as a POST request.

lidev · Answer

It depends on what you want to do with TLS/SSL trafic ?

SSL Offloading (clientssl profile/no serverssl profile on virtual server) terminates SSL at the F5 and the server side traffic is non-encrypted.

SSL Bridging (clientssl profile and serverssl profile on virtual server) terminates SSL at the F5 and then re-encrypts traffic to the server side.

Forum Discussion

Source IP redirect, change host, uri and change to 443

5 Replies

Recent Discussions

Viprion files on blades.

redirect not working

active/active Support Declarative Onboarding

Reliable resources for identifying IP addresses

minimum tmos software version for connect CIS (openshift)

Related Content

Unable to change auth source to rasidus

Change original source IP to random in ASM logs

Anchor Link Redirect

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

Change admin account