iRule header location redirects

Question

We have an application that after a recent software patch has changed its behavior. This has broken the app when accessed via the F5 LTM VIP we have created for it. The app works when accessing the backend server directly. While the vendor works on a resolution, we are trying to craft an iRule that would give us a workaround. The issue is for some URLs, the application now responds with the private IP of the server behind the VIP instead in the response instead of the application name .

So for instance:

“10.x.y.z/unity/options.do” i

Instead of:

“myurl.com/unity/options.do”

When this happens the first time you get a security warning since the SSL cert for the app only has the application name and not the IPs. If you accept the cert, the app still won’t load a few tabs in the application. So, we are looking for a way via an iRule or some other means on the F5 to re-write the response with the application name when the F5 sees an IP being passed instead of the application FQDN.

amine_kadimi · Answer

You can test the "redirect rewrite" option of the HTTP profile, this often solves this kind of problem

ryank5589 · Answer

Thanks Amine! We actually have redirects rewrite configured for matching and it doesn’t work. We tried turning it off and changing it to all, but the issue still persists so we are looking for an irule, policy, or some sort of profile to work around this issue.

yiğit_uslu · Answer

Hi,&nbsp;You can use rStream profile for content rewriting. If you see complications after applying stream profile. You can write ani rule more complicated stream operation.&nbsp;https://clouddocs.f5.com/api/irules/STREAM__expression.html&nbsp;&nbsp;

amine_kadimi · Answer

when HTTP_RESPONSE {
  if { [HTTP::is_redirect]} {
    if { [HTTP::header Location] contains "10.x.y.z" } {
      HTTP::header replace Location [string map -nocase { "10.x.y.z" "myurl.com" } [HTTP::header Location]] 
  }
}Disclaimer: not tested, may need some adjustmentFor the string map explanation, refer to: https://devcentral.f5.com/s/articles/irules-101-14-tcl-string-commands-part-2

ryank5589 · Answer

Amine, &nbsp;Thank you again for the response. The irule you provided did help a bit, I was able to re-write the location header with the proper URL. I am still having issue now after the re-write where it just times out, so the application doesn't like something.

Forum Discussion

iRule header location redirects

6 Replies

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

Redirect Location header validator

Location Via Cookie Header

Anchor Link Redirect

URI host header redirect failing

Security headers