For environments that use web servers, you might want your websites to appear differently on the external network than on the internal network. For example, you might want the BIG-IP® system to send traffic destined for http://www.siterequest.com/ to the internal server http://appserver1.siterequest.com/ instead. Normally, this translation could cause some issues, such as the web server expecting to see a certain host name (such as for name-based virtual hosting) or the web server using the internal host name and/or path when sending a redirect to client systems. Fortunately, you can configure the BIG-IP system to solve these problems.
You can also configure the BIG-IP system to modify HTML content as needed after the system has performed the URI translation.
This implementation describes an example of URI translation and HTML content modification and then provides the tasks to implement this example.
You can configure the BIG-IP® system to perform URI translation on HTTP requests. Suppose that a company named Siterequest has a website www.siterequest.com, which has a public IP address and a registered DNS entry, and therefore can be accessed from anywhere on the Internet.
Furthermore, suppose that Siterequest has two application servers with private IP addresses and unregistered DNS entries, inside the company's firewall. The application servers are visible within the internal network as appserver1.siterequest.com and appserver2.siterequest.com.
Because these servers have no public DNS entries, any client system that tries to access one of these servers from outside the company network receives a no such host error.
As the illustration shows, you can prevent this problem by configuring the BIG-IP system to act as a reverse proxy server:
The BIG-IP system as a reverse proxy server for URI translation
In the example, the company Siterequest has decided to enable Web access to the internal application servers, without exposing them to the Internet directly. Instead, the company has integrated the servers with the web server siterequest.com so that http://www.siterequest.com/sales is mapped internally to http://appserver1.siterequest.com/sales, and http://siterequest.com/marketing is mapped internally to http://appserver2.example.com/marketing. This is a typical reverse-proxy configuration.
To configure the BIG-IP system to perform this translation, you create a Rewrite profile and configure one or more URI rules. A URI rule specifies the particular URI translation that you want the BIG-IP system to perform. Specifically, a URI rule translates the scheme, host, port, or path of any client URI, server URI, or both. A URI rule also translates any domain and path information in the Set-Cookie header of the response when that header information matches the information in the URI rule.
The BIG-IP® system follows these rules when attempting to match a request to a URI rule:
When creating a URI rule, you must specify the client and server URIs in these ways:
When you configure an HTML profile on the BIG-IP® system, the system can modify HTML content that passes through the system, according to your specifications. For example, if you want the BIG-IP system to detect all content of type text/html and then remove all instances of the HTML img tag with the src attribute, you can configure an HTML profile accordingly, and assign it to the virtual server. The HTML profile ensures that the BIG-IP system removes those instances of the tag from any HTML content that passes through the virtual server.
Or, you can configure an HTML profile to match on a certain tag and attribute in HTML content when a particular iRule event is triggered, and then create an iRule that includes a command to replace the value of the matched attribute with a different attribute. The BIG-IP system includes several iRule commands that you can use when the Raise Event on Comment or Raise Event on Tag events are triggered. For more information on iRule commands related to HTML content modification, see the F5 Networks web site http://devcentral.f5.com.
HTML tag removal and replacement are just two of several HTML rules that you can configure to manipulate HTML content. An HTML rule defines the specific actions that you want the BIG-IP system to perform on a specified type HTML content.
The first step to configuring the BIG-IP® system to act as a reverse proxy server is to create a Rewrite type of profile on the BIG-IP system and associate it with a virtual server. Note that each virtual server must have an HTTP profile. The Rewrite profile is designed for HTTP sites, as well as HTTPS sites where SSL is terminated on the BIG-IP system (that is, the virtual server references a Client SSL profile).
To configure the BIG-IP® system to perform URI translation, you create a Rewrite profile, specifying one or more URI rules that associate a client-side path with a server-side URI. You also specify whether you want the URI translation to pertain to HTTP requests, responses, or both.
You create an HTML profile when you want the BIG-IP® system to act on certain types of HTML content.
After you perform the tasks in this implementation, the BIG-IP® system can: