ACE-4710 URL Rewrite

coldeneqt · ‎02-14-2014

Hi - I need to rewrite a request and a response using the ACE-4710 appliance. There are multiple ports within the server farm that will be used.

The request will come in as http://erptest.abc.com and will need rewritten to http://erptest.abc.com/def/html.

The native response will have the server farm ports included and they will need masked back to the original request. The response will look like:

http://erptest.abc.com:8080/def/html and will need masked and rewritten back to http://erptest.abc.com.

I haven't found much to help. Any help will be appreciated. Thanks.

Kanwaljeet Singh · ‎02-15-2014

Hi,

You will need to define an action list and rewrite both request and response host header. A similar example where only request is rewritten is shown in below discussion.

https://supportforums.cisco.com/thread/133427

I haven't configured this myself but it should work fine.

Let me know if you have any questions.

Regards,

Kanwal

coldeneqt · ‎02-15-2014

Thanks for your response. I currently have it configured as such but with no luck:

action-list type modify http REWRITE

header rewrite request host header-value "erptest[.]abc[.]com" replace "erptest.abc.com/def/html"

header rewrite response location header-value "erptest[.]abc[.]com:(.*)" replace "erptest.abc.com"

policy-map type loadbalance first-match HTTP

class class-default

sticky-serverfarm GROUP9TEST

action REWRITE

policy-map multi-match L4_VIP_POLICY

class VIP

loadbalance vip inservice

loadbalance policy HTTP

loadbalance vip icmp-reply active

Any ideas? Thanks again.

Kanwaljeet Singh · ‎02-17-2014

Hi,

Which version of code are you running? Can you put in the complete configuration here? Have you defined a L7 class map?

Regards,

Kanwal

coldeneqt · ‎02-17-2014

Thank you. I have the policy-maps defined. There is also the requirement to alternate between port 8091 and 8092 in the serverfarm.

action-list type modify http TEST_REWRITE

header rewrite request host header-value "erptest[.]eqt[.]com" replace "erptest.eqt.com:8091/jde/owhtml"

header rewrite response host header-value "erptest[.]eqt[.]com(.*)" replace "erptest.eqt.com%1"

serverfarm host TEST_SF

failaction purge

predictor leastconns

probe TCP8091

probe TCP8092

rserver WEBW01 8091

weight 1

inservice

rserver WEBW01 8092

weight 1

inservice

rserver WEBW02 8091

weight 1

inservice

rserver WEBW02 8092

weight 1

inservice

sticky http-cookie TEST GROUP9TEST

cookie insert

replicate sticky

serverfarm TEST_SF

class-map match-any TEST_VIP

2 match virtual-address 10.2.23.26 tcp eq www

4 match virtual-address 10.2.23.26 tcp eq 8092

5 match virtual-address 10.2.23.26 tcp eq 8091

policy-map type loadbalance first-match TEST_HTTP

class class-default

sticky-serverfarm GROUP9TEST

action TEST_REWRITE

policy-map multi-match L4_VIP_POLICY

class TEST_VIP

loadbalance vip inservice

loadbalance policy TEST_HTTP

loadbalance vip icmp-reply active

coldeneqt · ‎02-17-2014

Thank you. I'm running Version A3(2.5)

Kanwaljeet Singh · ‎02-18-2014

Hi,

Sorry for delay in response. Haven't had the chance to look at it. Can you do this and try again.

class-map match-any TEST_VIP

2 match virtual-address 10.2.23.26 tcp eq www

4 match virtual-address 10.2.23.26 tcp eq 8092

5 match virtual-address 10.2.23.26 tcp eq 8091

class-map type http loadbalance match-all TEST_URL1

2 match http header Host header-value "erptest.eqt.*"

policy-map type loadbalance first-match TEST_HTTP

class TEST_URL1

sticky-serverfarm GROUP9TEST

action TEST_REWRITE

policy-map multi-match L4_VIP_POLICY

class TEST_VIP

loadbalance vip inservice

loadbalance policy TEST_HTTP

loadbalance vip icmp-reply active

Let me know how it goes.

Regards,

Kanwal

coldeneqt · ‎02-18-2014

Thank you - I still get the 400 returned from the server as a malformed request.

Interestingly the server is performing a 301 on the /jde/owhtml. The dev environment does not have the rewrite configured. If I hit erptest.eqt.com/jde/owhtml it is redirected on the server to erptest.eqt.com:8091/jde/xxxx.

Kanwaljeet Singh · ‎02-18-2014

Hi,

But you come with erptest.eqt.com and that should match the condition and ACE should rewrite the request as specified. Do you see that ACE is not rewriting the request at all? Can you do a capture?

I am not entirely sure though that we can rewrite path in the version you are running. We can in A5 version so you can test it. If you think ACE is just modifying the HOST part and not path then it may be a limitation in your version.

Regards,

Kanwal

coldeneqt · ‎02-18-2014

Thanks - I agree that should be enough. However, I was able to get the request working using a redirect. That still leaves me with a response rewrite to mask the port on the way back to the client. Are you aware of any way to do a combination of a redirect and a rewrite?

The capture from the client side only showed the server refusing the connection (400 error) due to a malformed request which looked perfectly fine from my side. Maybe it is a code issue...

Thank you again.

Kanwaljeet Singh · ‎02-18-2014

Hi,

If it is a server who is issuing a redirect we can rewrite the "Location header" but if it is ACE which is redirecting then you can make ACE to redirect it to whatever you want.

Regards,

Kanwal

coldeneqt · ‎02-18-2014

Thanks - The ACE is performing the redirect to port 8091 but port 8091 must be hidden in the response from the server to the client. Is that possible? I currently have a response rewrite nested with the redirect class-map but with no luck on the response rewrite. The 8091 is still visible.

action-list type modify http JDE9_TEST_REWRITE

header rewrite response host header-value "erptest.eqt.com:8091(.*)" replace "erptest.eqt.com%1"

policy-map type loadbalance first-match JDE9_TEST_PM

class JDE9_TEST_REDIRECT_CM

serverfarm JDE9_TEST_REDIRECT_SF

action JDE9_TEST_REWRITE

class class-default

sticky-serverfarm GROUP9TEST