dbarstis
Jun 10, 2021

iRule to replace hostname and handle serverside port changes

I have a scenario where I want to split traffic to a server from our VPN tunnel by fronting it with a VIP that has an IP address that will stay public.

A simple iRule to replace the vanity hostname with the actual hostname seems to work fine:

 

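when HTTP_REQUEST {
    # Send the real hostname to the server
    HTTP::header replace "Host" "actual.host.name"
}
when HTTP_RESPONSE {
    # Rewrite only when the response carries a Location header
    if { [HTTP::header exists "Location"] } {
        HTTP::header replace "Location" [string map -nocase { "actual.host.name" "vanity.host.name" } [HTTP::header "Location"]]
    }
}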

 

The pool is actual.ip.address:8445

 

The problem is there are redirects happening on the server that go to port 8444 for authentication, then back to port 8445. So when I enter my credentials the traffic goes into a black hole. Any suggestions on the best way to handle this? Is it even possible? This is currently set up with just a vanity URL that does a simple redirect. The actual hostname has a private IP address, which is why the VPN is required. There are other services running on this server so I just can't make it public. Any and all help would be greatly appreciated.

5 Replies

  • Create a second virtual on port 8444 for authentication and use the same iRule to translate the hostname in requests/responses.

    • dbarstis

      No luck, Simon. I was thinking of capturing the port and sending it to the appropriate pool. I'm just not sure what port variable I'm supposed to check.

    • dbarstis

      After digging into the source, I believe the problem might be embedded code with the hostname hardcoded. So your method may still work if I can replace the value in the code as well.

    • dbarstis

      I was able to replace the hardcoded values using STREAM, but it appears there is some backend JavaScript that is throwing a security error. I'm not sure where to go from here. I appreciate your help! Thank you!

      • Simon_Blakely (Employee)

        That's where you need to start conversing with the Application Team, and getting them to include the public FQDN in the security headers/security controls.
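
The pieces discussed in this thread (Host and Location rewriting, a second virtual on port 8444, and STREAM replacement of hardcoded hostnames) combined into one iRule, as an added example that is not code from any of the posts. It assumes the two virtual servers listen on the same ports as the server (8445 and 8444), that each has an HTTP profile and a stream profile attached, and that the server accepts a Host header carrying the port; the Content-Type test is also an assumption of this example.

```tcl
# Added example, not from the thread. Attach the same iRule to both virtual
# servers (vanity.host.name:8445 and vanity.host.name:8444), each with its own
# pool on the matching server port (assumption: ports are not translated).
when HTTP_REQUEST {
    # Keep the stream filter off until a response qualifies for rewriting.
    STREAM::disable

    # Request an uncompressed response so the stream filter sees plain text.
    HTTP::header remove "Accept-Encoding"

    # TCP::local_port in this clientside event is the port of the virtual
    # server that accepted the connection (8445 or 8444).
    HTTP::header replace "Host" "actual.host.name:[TCP::local_port]"
}

when HTTP_RESPONSE {
    # Rewrite redirects only when a Location header is present. Only the
    # hostname is mapped; the port in the URL (:8444 or :8445) is kept, so the
    # client follows the redirect to the virtual server on that same port.
    if { [HTTP::header exists "Location"] } {
        HTTP::header replace "Location" [string map -nocase {"actual.host.name" "vanity.host.name"} [HTTP::header "Location"]]
    }

    # Replace hostnames hardcoded in text bodies (HTML, JavaScript).
    set ctype [HTTP::header "Content-Type"]
    if { ($ctype starts_with "text/") || ($ctype contains "javascript") } {
        STREAM::expression {@actual.host.name@vanity.host.name@}
        STREAM::enable
    }
}
```

Rewriting at the proxy does not change what the application itself accepts as a trusted origin, which is why the last reply points to the application team for the remaining security error.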