Forum Discussion

Shlairshe_84486's avatar
Shlairshe_84486
Icon for Nimbostratus rankNimbostratus
Jan 13, 2015

Incorporating a header rewrite for security purposes

Hi All,

  I have been able to make the i-rule work for the purpose it is intended for. However, there is one more thing I have not been able to get to work. 

when HTTP_REQUEST { set req [string tolower [HTTP::uri]] if { $req starts_with "/lodi"

} {HTTP::redirect "https://TESTSERVER:8080/lodi/home"} use pool Test_Svrtier_Pool if { $req starts_with "/walking"} { HTTP::redirect "http://TESTSERVER2:8080/BOB/CAT" } }

Question: I am trying to incorporate in the above stated irule such that, if a user access an url http://x.x.x.x/lodi , the user is redirected to the site "http://TESTSERVER:8080/lodi/home", this work perfectly fine now with no problems.

My problem is, I want to be able to rewrite or replace the string TESTSERVER in the url with a different string (let say for example purposes the string is LIBRARY), such that the final page will end up looking like "https://LIBRARY:8080/lodi/home".

In effect, I am trying to hide the name of the real server which is TESTSERVER, and replace it with the name LIBRARY , when the page finally executes. This is for security purposes.

Secondly, will the new name LIBRARY have to be part of DNS for this to work , I was thinking , it could just be replaced.

6 Replies

  • If you TESTSERVER(2) servers are defined as nodes and reachable via the LTM you could just do a rewite with a node selection rather than a redirect.

    when HTTP_REQUEST {
        set req [string tolower [HTTP::uri]]
        if { $req starts_with "/lodi" } {
            node  8080
            HTTP::uri /lodi/home
        }
        elseif { $req starts_with "/walking"} { 
            node  8080
            HTTP::uri /BOB/CAT
        }
        pool Test_Svrtier_Pool
    }
    

    Also, I'm not quite sure why you had the

    use pool Test_Svrtier_Pool
    between your IF statements so I put it at the end. Also, unless you are still running BigIP 4.x you don't need the
    use
    command.

    • Shlairshe_84486's avatar
      Shlairshe_84486
      Icon for Nimbostratus rankNimbostratus
      Thank Brad, I have not yet tested it but regarding the statement node 8080 Can this be replaced with a pool instead of server port ?
  • If you TESTSERVER(2) servers are defined as nodes and reachable via the LTM you could just do a rewite with a node selection rather than a redirect.

    when HTTP_REQUEST {
        set req [string tolower [HTTP::uri]]
        if { $req starts_with "/lodi" } {
            node  8080
            HTTP::uri /lodi/home
        }
        elseif { $req starts_with "/walking"} { 
            node  8080
            HTTP::uri /BOB/CAT
        }
        pool Test_Svrtier_Pool
    }
    

    Also, I'm not quite sure why you had the

    use pool Test_Svrtier_Pool
    between your IF statements so I put it at the end. Also, unless you are still running BigIP 4.x you don't need the
    use
    command.

    • Shlairshe_84486's avatar
      Shlairshe_84486
      Icon for Nimbostratus rankNimbostratus
      Thank Brad, I have not yet tested it but regarding the statement node 8080 Can this be replaced with a pool instead of server port ?