Hi Guys, Have a requirement and I'll try to provide as much details as possible to help understand. Internet users views web page, and posts web form to: htps://www.mysite.com/help/site1/search.do?book=blah The 1st F5 (has SSL cert) receives the traffic and sends the request ( including form data, and URL and query string) to the 2nd F5 (without SSL cert, and is managed on a different dmz location) and the 2nd F5 points to webserver: HTTP://news.bizsite.com:8080/ehelp/microsites. The webserver returns the data to Internet users but the users should still see the URL they visited (htps://www.mysite.com/help/site1/search.do?book=blah) Notes: Different Protocol ( https vs. http) Different Hostname ( www.mysite.com vs. news.bizsite.com) Different Port : 443 vs. 8080 everything after the "/help/site1" is passed to the the target webserver. Users\Internet browser should only see "https://www.mysite.com/help/site1/..." and NOT the HTTP://news.bizsite.com:8080/ehelp/microsites In summary: the user only ever sees the URL: HTTPS://www.mysite/help/site1/search.do?something=somethingelse&more=moreplus Note: everything after the “/site1/” could change – and we should account for such a scenario. But, “end user redirection” – e.g., issuance of an HTTP 300, 301, 302 to the end user browser, should never occur, because we want to shield the end user from the actual destination URL. Thanks, Edward

Different Protocol ( https vs. http) this is done on the 1st f5 by assigning clientssl profile to virtual server. clientside will be https but serverside will be http. Different Hostname ( www.mysite.com vs. news.bizsite.com) you can change hostname using HTTP::header replace on either the 1st f5 or 2nd f5. HTTP::header https://devcentral.f5.com/wiki/irules.http__header.ashx Different Port : 443 vs. 8080 this is translated by virtual server and pool configuration. everything after the "/help/site1" is passed to the the target webserver. similar to hostname, uri can be changed using HTTP::uri. HTTP::uri https://devcentral.f5.com/wiki/irules.http__uri.ashx Users\Internet browser should only see "https://www.mysite.com/help/site1/..." and NOT the HTTP://news.bizsite.com:8080/ehelp/microsites address in browser won't be changed unless there is redirection.

Hi Nitass, Thanks for the assistance. Would very much appreciate if you can provide the iRule syntax since I have a very little room for error as this will be done in Production environment. Thanks, Edward

e.g. 1st f5 root@ve10(Active)(tmos) list ltm virtual firstvs ltm virtual firstvs { destination 172.28.24.9:https ip-protocol tcp mask 255.255.255.255 pool firstpool profiles { clientssl { context clientside } http { } tcp { } } rules { firstrule } snat automap } root@ve10(Active)(tmos) list ltm pool firstpool ltm pool firstpool { members { 172.28.24.10:webcache { } } } root@ve10(Active)(tmos) list ltm rule firstrule ltm rule firstrule { when HTTP_REQUEST { if { [HTTP::host] eq "www.mysite.com" and [HTTP::uri] starts_with "/help/site1/" } { HTTP::header replace Host "news.bizsite.com:8080" HTTP::uri [string map {"/help/site1/" "/ehelp/microsites/"} [HTTP::uri]] } } } 2nd f5 root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual secondvs ltm virtual secondvs { destination 172.28.24.10:8080 ip-protocol tcp mask 255.255.255.255 pool secondpool profiles { tcp { } } source 0.0.0.0/0 source-address-translation { type automap } vs-index 5 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool secondpool ltm pool secondpool { members { 200.200.200.101:8080 { address 200.200.200.101 } } }

iRule rewrite | URL hiding

ERLomboy_27803
Nimbostratus
Feb 09, 2014
Thank you for the iRule code. Here's a trace of the log.

Feb 9 01:10:22 local/tmm info tmm[4756]: Rule iRuleTEST : BEFORE: client:x.x.x.x:52173 host:mysite.com uri:/CIQDotNet/Excel/126/8.51.5326.5331.axd
nitass
Employee
Feb 09, 2014
Feb 9 01:10:22 local/tmm info tmm[4756]: Rule iRuleTEST : BEFORE: client:x.x.x.x:52173 host:mysite.com uri:/CIQDotNet/Excel/126/8.51.5326.5331.axd

i thought host is www.mysite.com and uri starts with /help/site1/.
ERLomboy_27803
Nimbostratus
Feb 09, 2014
I checked again with the requestor. It seems the uri is not existing. Like a vanity one but in which the business would want the users to see.

The uri is the same for source and dest URL.

https://www.mysite.com/help/site1/ <--> http://news.bizsite.com:8080/help/site1/
nitass
Employee
Feb 09, 2014
The uri is the same for source and dest URL.

if uri is not changed, HTTP::uri line is not needed.
ERLomboy_27803
Nimbostratus
Feb 10, 2014
Hi Guys,

Need your help and patience!

I'm still stuck on the 1st F5 on this iRule. Even after removing the uri, it didn't make a difference. The log shows it's not capturing the right uri.

There is an existing iRule which I'm thinking is conflicting with the one I created. Not sure if I should post it here or I can send it privately, let me know.
nitass_89166
Noctilucent
Feb 11, 2014
The log shows it's not capturing the right uri.

i still expect to see www.mysite.com as host and uri starts with /help/site1/ in the log. if you do not see it, i think you may need to check if host and uri information you have is correct indeed.
- ERLomboy_27803
  Nimbostratus
  Feb 11, 2014
  This is the other iRule. Can you find out which one is conflicting with what you have provided? when HTTP_REQUEST { if { [string tolower [HTTP::uri]] ne "/powermoves" } { switch -exact [string tolower [HTTP::host]] { "www.mysite.com" { if {[TCP::local_port] == 80} { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } elseif {[string tolower [HTTP::uri]] starts_with "/summergames/" || [string tolower [HTTP::uri]] starts_with "/summergames"} { HTTP::respond 301 Location "http://summergames.mysite.com" } } "mysite.com" { if { [matchclass $::wwwredirects equals [string tolower [HTTP::path]]] } { HTTP::respond 301 Location "https://www.mysite.com[HTTP::uri]" } elseif { [TCP::local_port] == 80 } { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/ciqdotnet/excel/114/" || [string tolower [HTTP::uri]] starts_with "/ciqdotnet/excel/102/" } { HTTP::respond 301 Location "https://www.mysite.com[HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } elseif {[string tolower [HTTP::uri]] starts_with "/summergames/" || [string tolower [HTTP::uri]] starts_with "/summergames"} { HTTP::respond 301 Location "http://summergames.mysite.com" } } default { if { [TCP::local_port] == 80 } { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } } } } else { HTTP::redirect http://powermoves.mysite.com } }
nitass
Employee
Feb 11, 2014
The log shows it's not capturing the right uri.

i still expect to see www.mysite.com as host and uri starts with /help/site1/ in the log. if you do not see it, i think you may need to check if host and uri information you have is correct indeed.
- ERLomboy_27803
  Nimbostratus
  Feb 11, 2014
  This is the other iRule. Can you find out which one is conflicting with what you have provided? when HTTP_REQUEST { if { [string tolower [HTTP::uri]] ne "/powermoves" } { switch -exact [string tolower [HTTP::host]] { "www.mysite.com" { if {[TCP::local_port] == 80} { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } elseif {[string tolower [HTTP::uri]] starts_with "/summergames/" || [string tolower [HTTP::uri]] starts_with "/summergames"} { HTTP::respond 301 Location "http://summergames.mysite.com" } } "mysite.com" { if { [matchclass $::wwwredirects equals [string tolower [HTTP::path]]] } { HTTP::respond 301 Location "https://www.mysite.com[HTTP::uri]" } elseif { [TCP::local_port] == 80 } { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/ciqdotnet/excel/114/" || [string tolower [HTTP::uri]] starts_with "/ciqdotnet/excel/102/" } { HTTP::respond 301 Location "https://www.mysite.com[HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } elseif {[string tolower [HTTP::uri]] starts_with "/summergames/" || [string tolower [HTTP::uri]] starts_with "/summergames"} { HTTP::respond 301 Location "http://summergames.mysite.com" } } default { if { [TCP::local_port] == 80 } { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/forumsdotnetnuke/" } { if { [string tolower [HTTP::host]] ne "forums.mysite.com" } { HTTP::respond 301 Location "https://forums.mysite.com[HTTP::uri]" } } } } } else { HTTP::redirect http://powermoves.mysite.com } }
nitass_89166
Noctilucent
Feb 11, 2014
This is the other iRule. Can you find out which one is conflicting with what you have provided?

don't you see log showing www.mysite.com as host and uri starts with /help/site1/ really? even irule conflicts, the log should be shown.
- ERLomboy_27803
  Nimbostratus
  Feb 11, 2014
  No, it doesn't show. Would it show even if the uri path is non-existent?
nitass
Employee
Feb 11, 2014
This is the other iRule. Can you find out which one is conflicting with what you have provided?

don't you see log showing www.mysite.com as host and uri starts with /help/site1/ really? even irule conflicts, the log should be shown.
- ERLomboy_27803
  Nimbostratus
  Feb 11, 2014
  No, it doesn't show. Would it show even if the uri path is non-existent?
nitass_89166
Noctilucent
Feb 11, 2014
Would it show even if the uri path is non-existent?

https://www.mysite.com/help/site1/ is incoming request from client to f5, isn't it?
- ERLomboy_27803
  Nimbostratus
  Feb 11, 2014
  yes, it's a request from client to F5.
- ERLomboy_27803
  Nimbostratus
  Feb 13, 2014
  Hi Nitass, Appreciate if you can provide further assistance on this. Thanks!