Forum Discussion

4 Replies

  • a little bit more information is probably required.

     

    in general a forwarding virtual server should just forward everything, so also dynamic URI. but you probably mean something a bit different. provide an example perhaps.

     

  • when my internal server is sending traffic for xxx.com, it resolves to specific IP address 1.1.1.1, so we create forwarding IP virtual server on F5 for this IP 1.1.1.1 to allow the traffic from server to Internet. But now the requirement is, the server will be sending traffic to yyy.com which will resolve to dynamic IP, so now on F5, how will I be able to create forwarding IP virtual servers for all those IP addresses the yyy.com resolves to, when these IP are dynamic. I cannot create a forwarding IP virtual server with 0.0.0.0, I should not create this as per security reasons. I can create a forwarding IP virtual server with 0.0.0.0 and add irule to allow specific IP as per datagroup, but to this I am unable to attach irule with dynamic uri data group as forwarding ip virtual server has to http profile associated to it, so it does not allow me to add irule with http_request. Can anyone suggest some solution.

     

  • you can use a wildcard standard virtual server (or fast L4) and have an irule that looks up the IP for the hostname (from the HTTP host header) via DNS and then sets that as the node IP address. that should do what you want i believe. you can place restrictions on what hostnames should be allowed to be looked up to add some security.

     

  • I think you can set the URI (yyy.com) into the destination address of the firewall rule, it requires to set DNS resolver also.