Forum Discussion

Thomas_Castell1's avatar
Thomas_Castell1
Icon for Nimbostratus rankNimbostratus
Feb 11, 2013

ProxyPass iRule Modification for Redirect and SSO support

Hello,

 

 

We are using the ProxyPass irule in an LTM+APM context and we faced 2 problems :

 

 

1/ One website "http://www.foobar.com" with redirect to another website.

 

Clientside Host Header : www.foobar.com

 

Serverside Host Header : foobar.local

 

The ProxyPass irule works wonderfully, but at a time the website is redirecting to another website : "HTTP 302 Redirect, Location Header : www.barfoo.com"

 

Problem is that the ProxyPass iRule rewrites this header, without checking if it is matching the serverside header...

 

==> Just added this test before rewriting Location Header : "if { $host_header eq $host_serverside }"

 

 

2/ LTM+APM mode, SSO configured on the APM.

 

Problem is that the F5 device generates itself the authentication request, so there is no "HTTP_REQUEST" context, and as a result no "clientside" context.

 

This results in the following error :

 

"tmm err tmm[7771]: 01220001:3: TCL error: /Common/ProxyPass - Illegal argument. Can't execute in the current context. (line 127) invoked from within "HTTP::uri $path_serverside[substr $orig_uri [string length $path_clientside]]"invalid peer expression (line 3) invoked

 

from within "clientside { Rewrite the URI HTTP::uri $path_serverside[substr $orig_uri [string le

 

ngth $path_clientside]] Rewrite the Host header ..."

 

 

My patch is just checking if there is a clientside context and, if not, does a "return" without rewriting anything :

 

if ([catch {clientside {HTTP::uri}}]) {

 

log local0. "$log_prefix: clientside context not available. Probably a self-generated Request (SSO ?), ignoring rewrite..."

 

return

 

}

 

 

You will find attached the modified ProxyPass irule.

 

Regards,

 

 

Thomas.

 

No RepliesBe the first to reply