ProxyPass iRule Modification for Redirect and SSO support
Hello,
We are using the ProxyPass iRule in an LTM+APM context and we faced 2 problems:
1/ One website "http://www.foobar.com" with redirect to another website.
Clientside Host Header : www.foobar.com
Serverside Host Header : foobar.local
The ProxyPass iRule works wonderfully, but at some point the website redirects to another website: "HTTP 302 Redirect, Location Header : www.barfoo.com"
The problem is that the ProxyPass iRule rewrites this header without checking whether it matches the serverside header...
==> I just added this test before rewriting the Location header: "if { $host_header eq $host_serverside }"
2/ LTM+APM mode, SSO configured on the APM.
The problem is that the F5 device itself generates the authentication request, so there is no "HTTP_REQUEST" context, and as a result no "clientside" context.
This results in the following error:
"tmm err tmm[7771]: 01220001:3: TCL error: /Common/ProxyPass - Illegal argument. Can't execute in the current context. (line 127) invoked from within "HTTP::uri $path_serverside[substr $orig_uri [string length $path_clientside]]" invalid peer expression (line 3) invoked from within "clientside { Rewrite the URI HTTP::uri $path_serverside[substr $orig_uri [string length $path_clientside]] Rewrite the Host header ..."
My patch just checks whether there is a clientside context and, if not, does a "return" without rewriting anything:
    if { [catch { clientside { HTTP::uri } }] } {
        log local0. "$log_prefix: clientside context not available. Probably a self-generated Request (SSO ?), ignoring rewrite..."
        return
    }
You will find attached the modified ProxyPass iRule.
Regards,
Thomas.
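
The Location check described in point 1, written as a minimal stand-alone iRule. This is an added example, not the attached ProxyPass iRule: the two hostnames are the ones from the post, hard-coded here as an assumption, and the variable names other than those quoted in the post are illustrative.

```tcl
when HTTP_RESPONSE {
    # Assumed mapping, using the hostnames from the post. The ProxyPass iRule
    # obtains these from its own configuration; they are hard-coded here.
    set host_clientside "www.foobar.com"
    set host_serverside "foobar.local"

    # Only redirects that carry a Location header are of interest.
    if { !([HTTP::is_redirect] && [HTTP::header exists "Location"]) } {
        return
    }
    set location [HTTP::header value "Location"]

    # Split an absolute URL into scheme, host and the remainder.
    # Relative redirects, other schemes and URLs containing userinfo
    # ("user@host") do not match and are passed through unchanged.
    if { ![regexp -nocase {^(https?://)([^/:?#@]+)((?::\d+)?(?:[/?#].*)?)$} \
            $location -> scheme loc_host rest] } {
        return
    }

    # Rewrite only when the redirect targets the serverside host.
    # A redirect to any other site (www.barfoo.com in the post) is left alone.
    if { [string tolower $loc_host] ne [string tolower $host_serverside] } {
        log local0. "Location host $loc_host is not $host_serverside, not rewriting"
        return
    }

    # Swap the host only; scheme, any explicit port, path and query are kept.
    HTTP::header replace "Location" "${scheme}${host_clientside}${rest}"
}
```

Comparing the parsed host exactly, rather than searching for the serverside name anywhere in the header value, keeps a Location such as `http://foobar.local.example.net/` from being treated as the internal host.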