Redirect TLS 1.1/1.2 clients & Append the incoming URL to the redirect target
This is probably simpler than I'm trying to accomplish. I can't seem to get it working, unfortunately. Any assistance would be appreciated.

Summary
Goal is to trigger a redirect for TLS 1.1/1.2 clients and append the incoming URL to the redirect (testing out just the redirect first before I add more criteria).

Example
Inbound HTTPS request: https://abc.com/URIexample/abc/login?service=https%3A%2F%2website.domain.com
Redirect to HTTP(S) external Internet site: https://xyz.com/random/random/warn.html?source=https://aaa.domainexample.com/blah/login?service=https%3A%2F

Detail on redirect
Redirect to ----> add "source=" AND append source URI adding

Solved | 1.6K Views | 0 likes | 4 Comments

irule uri traffic redirection failing
Hello team, I have to implement an iRule to redirect traffic based on URL. So I made the following code:

    when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/specialurl" } {
            snatpool /NAT_Outside
            pool /Apps_pool
            log local0. "[IP::client_addr] Ingreso a [HTTP::uri]"
        }
    }

The iRule works fine, but the owner of the application says that when the app (programmed in AJAX) calls another URI of the website, the service gets stuck in the pool "/App_pool". I tried with an LTM policy and got the same behavior. Has anyone had a similar case?

Solved | 1.2K Views | 0 likes | 8 Comments

LTM Rewrite Profile for URI Translation
Anyone having success with this? I tried setting this up and cannot get it to work. My setup is an LTM VS with an APM policy applied. I created the rewrite profile from the LTM section and set up a URI/Server combination like:

    /SO_SO_IN --> https://backendserver.sample.com/my/new/uri/is/this

I have an iRule set up for logging only and have events in it to follow through the process. One of the events I have is REWRITE_REQUEST_DONE, and I never see it get triggered, and the outgoing URL to the pool has the same host and URI in it. I am using this URL to get the image for the LTM/APM flow: https://devcentral.f5.com/articles/http-event-order-access-policy-manager

Any thoughts on iRule logging to see if the rewrite profile is even being evaluated? I have set the APM log to debug, and it looks like once it passes the ACL validation it passes straight back into the LTM.

I have learned more about the F5 this week than I ever thought I would trying to figure this out and an issue with the LTM handing off to the APM when dealing with HTTP POST larger than around 64k.

1.2K Views | 0 likes | 10 Comments

iRule Query String Match and Redirect
I seem to be having difficulty finding too much on this and maybe it is as simple as it is, I am looking to perform a URI match with a few particular query strings and redirect to another website if the request is found. I have found a few articles indicating using a datagroup but this seems a bit excessive for the task I am looking at.

Example:

    https://www.thedomain.com/dir1/index.html?newpath=Name1 -> https://www.newdomain.com/dir1/index.html?newpath=Name1

Is this as simple as something like:

    when HTTP_REQUEST {
        if { ( [string tolower [HTTP::host]] equals "www.thedomain.com" ) and ( [string tolower [HTTP::uri]] ends_with "Name1" ) } {
            HTTP::redirect "http://www.newdomain.com[HTTP::uri]"
        }
    }

Will the query string after the "?" be picked up and carried over with [HTTP::uri]?

1.1K Views | 0 likes | 3 Comments

LTM - Proxypass for a single URI with content response rewrite
I'm trying to publish an internal website (xpto.company.local/originalfile.php) but I want to present it to the customer as xpto.company.com/index.php. I can do the URL rewrite (request and response) but I can't figure out how to rewrite the content so that the customer can call xpto.company.com/index.php?option=1 and the LTM forwards it to xpto.company.local/originalfile.php?option=1.

I'm also having no luck rewriting the response from the server (payload) on the LTM to change the internal URLs to external ones. I've looked into proxypass but all the documentation and examples only talk about folders and not files. Any help would be appreciated. The LTM is with v13.

Solved | 956 Views | 0 likes | 2 Comments

Forward with specific URI to pool without changing URL
Hi, DevCentral community! I've been checking the forum and trying different answers from the community for other requests, but I haven't been able to do what I need to do. This is the scenario:

The client wants to receive the content of http://abc.com/xyz-xyz when he accesses through http://abc.com

In short, I need to forward the traffic to the pool with the URI /xyz-xyz but the URL has to be static as http://abc.com

Could anyone help me with the iRule?

    when HTTP_REQUEST {
        if { ([HTTP::host] eq "abc.com") } {
            if { ([HTTP::uri] equals "/") } {
                HTTP::uri "/xyz-xyz"
            }
            pool Client-pool text
        }
    }

Thank all of you for your help and your time!

Solved | 741 Views | 0 likes | 3 Comments

Sorry page redirect
I'm trying to set up an iRule that will redirect traffic to an IIS server when there are no active pool members. I have the basics working. However, the sorry page will only display properly the first time if there is a URI. If the user refreshes the page or tries a different URI they get a 404.

    when HTTP_REQUEST {
        if { [active_members [LB::server pool]] < 1} {
            HTTP::uri "/"
            pool /ESI/solr.erp-pool
        }
    }

How would I configure this iRule to apply every time the user refreshes the page or hits the URL again?

739 Views | 0 likes | 8 Comments

HTTP::uri causes malformed URI
We are using the HTTP::uri command in an iRule to set a prefix on the given URI, following the prefix example given in the F5 official documentation shown here: https://clouddocs.f5.com/cli/tmsh-reference/latest/modules/ltm/ltm_rule_command_HTTP_uri.html

The exact iRule we're using is this:

    when HTTP_REQUEST {
        set uri [string tolower [HTTP::uri]]
        if { $uri starts_with "/firstPath/" or $uri contains "/secondPath" } {
            HTTP::uri /thirdPath[HTTP::uri]
            pool poolA
        } elseif { not ([HTTP::uri] starts_with "/otherPath") } {
            HTTP::uri /otherPath[HTTP::uri]
            pool poolB
        }
    }

This works as expected, except one request from a single known source results in a bad URI. The elseif part that applies the prefix is the part that isn't working consistently. We've had this occur in two different environments across different LTMs on the same type of request.

The provided request URL is something like: https://www.company.com/foo/bar
We expect the URI to be rewritten as: /otherPath/foo/bar
But in fact the rewritten URI ends up as: /otherPathhttps:/www.company.com/foo/bar

This specific request is coming in as POST HTTP/1.0. I'm not a network engineer so I don't know if there's anything somewhere else on the LTM that would be affecting this type of request, or if there's something else this specific request could be hiding that would cause the iRule to behave this way. The LTMs are all running version 15.1.3.1.

699 Views | 0 likes | 2 Comments

Select clientssl profile based on uri pattern
Hello everyone, I need some help with this scenario. I've found similar questions and suggestions from DevCentral members but I'm stuck and haven't been able to come up with a solution.

I have an API Management solution published through a single Virtual Server in my BIG-IP. There are several APIs present on this solution and I would like to enforce client authentication with SSL\TLS certificates, but requiring a specific certificate depending on which API they will be requesting. In other words, I have a single VS where:

- if the request is to myapidomain.com/api-companyA, then I want to request the client certificate of Company A
- if the request is to myapidomain.com/api-companyB, then I want to request the client certificate of Company B
- if the request is to myapidomain.com/general-public-api, then I don't want to use client authentication, just present the server certificate

I think that it all comes down to choosing a different clientssl profile based on the URI pattern, but:

- I can only inspect the HTTP request after the TLS negotiation has been completed using the default SSL profile of the VS
- I cannot use the command to change the SSL profile inside the HTTP REQUEST event

I have seen some related questions where they suggest doing something like this. But they are changing the current SSL profile to request client authentication, instead of changing the SSL profile. For testing purposes, I have set up two client SSL profiles, each of them requiring client authentication but using different self-signed certificates.

    when HTTP_REQUEST {
        switch -glob [HTTP::path] {
            "/api-companyA" {
                HTTP::collect
                SSL::session invalidate
                SSL::authenticate always
                SSL::authenticate depth 9
                SSL::cert mode require
                SSL::renegotiate
                # Another post suggested using SSL::profile here to change the profile, but it is not allowed inside HTTP REQUEST
            }
            "/api-companyB" {
                HTTP::collect
                SSL::session invalidate
                SSL::authenticate always
                SSL::authenticate depth 9
                SSL::cert mode require
                SSL::renegotiate
            }
        }
    }

Would it be possible to use a flag variable for this? For example, start with a default value, change it within the HTTP_REQUEST event based on the URI, force an SSL\TLS renegotiation and then in a CLIENT_ACCEPTED event use the value of that variable to set the profile? I tried something like this but it seems that the CLIENT_ACCEPTED method does not fire after the SSL::renegotiate command is issued.

    when RULE_INIT {
        set ::count 0
    }
    when CLIENT_ACCEPTED {
        if { $::count == 1 } {
            SSL::profile profile_with_client_authentication_companyA
        }
    }
    when HTTP_REQUEST {
        switch -glob [HTTP::path] {
            "/supervielledev/public-partners/myloopbackapi" {
                set ::count 1
                SSL::renegotiate
            }
            "/supervielledev/public-partners/myotherloopbackapi" {
                set ::count 2
                SSL::renegotiate
            }
        }
    }

Thanks in advance.

699 Views | 0 likes | 1 Comment