AngryCat_52750
Nov 30, 2012

URL re-write for Sharepoint

So we implemented the F5 through APM as a replacement for ISA last night, and the new flow is as such.

User -> https://test.example.com/ -> firewall -> F5 (SSL decrypt and send on to pool) -> SharePoint server

Ran into a snag: the SharePoint server is expecting test_abc.example.com as a host.

Can I implement this iRule to work around that?

    when HTTP_REQUEST {
        # Rewrite the Host header sent on to the pool member
        HTTP::header replace Host "test_abc.example.com"
    }


6 Replies

  • e.g.

    [root@ve10:Active] config # b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:443
       ip protocol 6
       rules myrule
       profiles {
          clientssl {
             clientside
          }
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config # b pool foo list
    pool foo {
       members 200.200.200.101:80 {}
    }
    [root@ve10:Active] config # b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
       HTTP::header replace Host "test_abc.example.com"
    }
    }
    
    [root@ve10:Active] config # ssldump -Aed -nni 0.0 port 80 or port 443 -k /config/ssl/ssl.key/default.key
    New TCP connection #1: 172.28.20.11(57792) <-> 172.28.19.79(443)
    1 1  1354285525.0756 (0.0948)  C>SV3.1(96)  Handshake
    1 2  1354285525.0757 (0.0000)  S>CV3.1(81)  Handshake
    1 3  1354285525.0757 (0.0000)  S>CV3.1(953)  Handshake
    1 4  1354285525.0757 (0.0000)  S>CV3.1(4)  Handshake
    1 5  1354285525.0808 (0.0050)  C>SV3.1(262)  Handshake
    1 6  1354285525.0808 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
    1 7  1354285525.0808 (0.0000)  C>SV3.1(36)  Handshake
    1 8  1354285525.1009 (0.0201)  S>CV3.1(1)  ChangeCipherSpec
    1 9  1354285525.1009 (0.0000)  S>CV3.1(36)  Handshake
    1 10 1354285525.1047 (0.0037)  C>SV3.1(178)  application_data
        ---------------------------------------------------------------
        GET / HTTP/1.1
        User-Agent: curl/7.19.7 (i686-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8x zlib/1.2.3 libidn/0.6.5
        Accept: */*
        Host: test.example.com
    
        ---------------------------------------------------------------
    New TCP connection #2: 200.200.200.10(57792) <-> 200.200.200.101(80)
    1354285525.1069 (0.0009)  C>S
    ---------------------------------------------------------------
    GET / HTTP/1.1
    User-Agent: curl/7.19.7 (i686-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8x zlib/1.2.3 libidn/0.6.5
    Accept: */*
    Host: test_abc.example.com
    
    ---------------------------------------------------------------
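
Added example (not from the thread or from F5): a Python check that reads `ssldump -A` text like the capture above and reports any pool member that received a Host header other than the rewritten one. The sample capture is constructed, and attributing plaintext records to the most recently opened connection is an assumption that holds for a single-request test like this one.

```python
import re

CONN_RE = re.compile(r"^\s*New TCP connection #?(\d+): \S+ <-> (\S+?)\((\d+)\)")
REC_RE = re.compile(r"^\s*(\d+) \d+\s+\d+\.\d+ \(")   # numbered SSL record line
HOST_RE = re.compile(r"^\s*Host:\s*(\S+)", re.IGNORECASE)

# Constructed sample, trimmed from the shape of the capture in the reply above.
SAMPLE = """\
New TCP connection #1: 172.28.20.11(57792) <-> 172.28.19.79(443)
1 10 1354285525.1047 (0.0037)  C>SV3.1(178)  application_data
    GET / HTTP/1.1
    Host: test.example.com

New TCP connection #2: 200.200.200.10(57792) <-> 200.200.200.101(80)
1354285525.1069 (0.0009)  C>S
GET / HTTP/1.1
Host: test_abc.example.com
"""

def hosts_by_destination(dump):
    """Map each connection's server side ('ip:port') to the Host values sent to it."""
    conns, seen, current = {}, {}, None
    for line in dump.splitlines():
        if m := CONN_RE.match(line):
            current = m.group(1)
            conns[current] = f"{m.group(2)}:{m.group(3)}"
            seen.setdefault(conns[current], [])
        elif (m := REC_RE.match(line)) and m.group(1) in conns:
            current = m.group(1)          # SSL records carry their connection number
        elif (m := HOST_RE.match(line)) and current is not None:
            # Assumption: plaintext records belong to the most recently opened connection.
            seen[conns[current]].append(m.group(1).lower())
    return seen

def unrewritten(dump, pool_members, expected_host):
    """Return (member, host) pairs that break the rewrite; host is None if no request was seen."""
    seen = hosts_by_destination(dump)
    bad = []
    for member in pool_members:
        hosts = seen.get(member) or [None]
        bad += [(member, h) for h in hosts if h != expected_host.lower()]
    return bad

if __name__ == "__main__":
    print(unrewritten(SAMPLE, ["200.200.200.101:80"], "test_abc.example.com"))
```

An empty list means every request that reached the listed pool members carried the expected Host value.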
    
  • Nitass, if this request is coming from the APM first, would I need to do this instead?

    when ACCESS_ALLOWED {
        # Check if requested host doesn't start with test.example.com
        if {not ([string tolower [HTTP::host]] starts_with "test.example.com")} {
            # Replace the host header value with test_abc.example.com
            HTTP::header replace Host "test_abc.example.com"
        }
    }
    

  • Should this be an iRule as part of the LTM process or as an iRule event in the APM process? Kinda confused now :(
  • I never did APM before. Anyway, isn't the LTM event triggered before?

    HTTP Event Order -- Access Policy Manager by Jason

    https://devcentral.f5.com/tutorials/tech-tips/http-event-order-access-policy-manager