ltm profile rewrite
ltm profile rewrite(1) BIG-IP TMSH Manual ltm profile rewrite(1)
NAME
rewrite - configure a rewrite profile
MODULE
ltm profile
SYNTAX
Configure the rewrite component within the profile module using the syntax shown in the following sections.
DISPLAY
list rewrite
list rewrite [[name] | [glob]]
show running-config rewrite
show running-config rewrite [[name] | [glob]]
options:
all-properties
non-default-properties
one-line
| grep
show rewrite
show rewrite [ [ [name] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
CREATE/MODIFY
create rewrite [name]
modify rewrite [name]
options:
app-service [[string] | none]
bypass-list [add | delete | replace-all-with | none] { [uri list] }
client-caching-type [cache-all | cache-css-js | cache-img-css-js | no-cache]
defaults-from [[name] | none]
java-ca-file [[certificate file] | none]
java-crl [[certificate revocation list file] | none]
java-sign-key [[certificate key file] | none]
java-sign-key-passphrase [[string] | none]
java-signer [[certificate file] | none]
location-specific [false | true]
rewrite-list [add | delete | replace-all-with | none] { [uri list] }
rewrite-mode [portal | uri-translation]
set-cookie-rules [add | delete | modify | replace-all-with | none] {
[name] {
client {
domain [string]
path [string]
}
server {
domain [string]
path [string]
}
}
}
split-tunneling [false | true]
uri-rules [add | delete | modify | replace-all-with | none] {
[name] {
[type [both | request | response]]
client {
scheme [string]
host [string]
port [string]
path [string]
}
server {
scheme [string]
host [string]
port [string]
path [string]
}
}
}
edit rewrite [ [ [name] | [glob] ] ... ]
options:
all-properties
non-default-properties
DELETE
delete rewrite [name]
DESCRIPTION
Use the rewrite component to configure a Rewrite Profile in URI Translation or Portal (Access) mode.
EXAMPLES
URI Translation Mode
Create a profile
create my_uri_rewrite rewrite-mode uri-translation
Add a rule to rewrite URIs
modify my_uri_rewrite uri-rules add { my_rule { client { path /client/ } server { path /server/ } } }
modify my_uri_rewrite uri-rules add { my_rule { client { scheme http host www.client.com path / } server { scheme
http host www.server.com path / } } }
Add a rule to rewrite Set-Cookie headers
modify my_uri_rewrite set-cookie-rules add { my_rule { client { domain client.com path / } server { domain
server.com path / } } }
Portal (Access) Mode
Create a profile
create my_portal_rewrite rewrite-mode portal
Configure the client to cache all files
modify my_portal_rewrite client-caching-type cache-all
Set the rewrite list and bypass list
modify my_portal_rewrite rewrite-list add { *://www.myportal.com/* http://abc*.com/* } bypass-list add {
*://external_web.com/* }
Configure split-tunneling
modify my_portal_rewrite split-tunneling true
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.
bypass-list
Specifies a list of URIs that are bypassed inside a web page when the page is accessed using Portal Access. The
default is none.
client-caching-type
Specifies one of four options for client caching. When the Client Cache setting for a web application resource is
set to default, the system uses the setting configured in the Rewrite profile. If the Client Cache option is
configured for any other setting, the web application resource item caching configuration overwrites the setting in
the Rewrite profile. The default is cache-css-js. The options are:
cache-all
Do not modify cache headers on backend servers.
cache-css-js
Cache only the CSS file and Java Script.
cache-img-css-js
Cache only images, the CSS file and Java Script.
no-cache
Eliminate caching.
defaults-from
Specifies the profile from which the Rewrite profile inherits properties. Explicitly specified properties override
inherited properties.
java-ca-file
Specifies a CA against which to verify signed Java applets signatures. The default value is ca-bundle.crt.
java-crl
Specifies a CRL against which to verify signed Java applets signature certificates. The default value is none.
java-sign-key
Specifies a private key for re-signing of signed Java applets after patching. The default value is default.key.
java-sign-key-passphrase
Specifies a passphrase for the private key to be encrypted with. The default value is none. Note: your passphrase
will be encrypted and displayed under the label java-sign-key-passphrase-encrypted.
java-signer
Specifies a certificate to use for re-signing of signed Java applets after patching. The default value is
default.crt.
location-specific
Specifies whether or not this object contains one or more attributes with values that are specific to the location
where the BIG-IP device resides. The location-specific attribute is either true or false. When using policy sync,
mark an object as location-specific to prevent errors that can occur when policies reference objects, such as
authentication servers, that are specific to a certain location. The default value is none.
rewrite-list
Specifies a list of URIs that are rewritten inside a web page when the page is accessed using Portal Access. The
default value is none.
rewrite-mode
Specifies the mode of rewriting. uri-translation is a rules-based rewrite mode. portal is for use with Portal
Access.
set-cookie-rules
Used with uri-translation mode. Specifies the rules for rewriting HTTP Set-Cookie headers. Each rule has a name and
a client and server domain and path. The name may be any alphanumeric string and must be unique. The path must be
an absolute directory path and not a relative path or a file path. If the domain and path of the Set-Cookie header
in the HTTP response match the domain and path of the server side of a rule, they will be rewritten to the domain
and path of client side of that rule. Set-Cookie rules take precedence over URI rules when rewriting Set-Cookie
headers.
split-tunneling
Specifies whether the profile provides for split tunneling. The default is false.
uri-rules
Used with uri-translation mode. Specifies the rules for rewriting request and response headers and response bodies.
These rules affect the following.
request headers
URI, Host, Referer
response headers
Content-Location, Link, Location, Refresh, Set-Cookie
response body
HTML, CSS
Each rule has a name, a type, and a client and server URI. The name may be any alphanumeric string and must be
unique. The type may be "request", "response", or "both": "request" rules affect request headers only, "response"
rules affect response headers and bodies only, and "both" rules affect both. URIs must include a path; scheme,
host, and port are optional. If a URI must contain a scheme or host, it must include both. If it must include a
port, it must also include a scheme and host. Paths may be absolute directory paths only. They may not be relative
paths or file paths. If a URI in a request header matches the client side URI of a rule, it will be rewritten to
the server side URI of that rule. If a URI in a response header or body matches the server side URI of a rule, it
will be rewritten to the client side URI of that rule. When rewriting Set-Cookie headers, the host and path of the
server side URI are used to match the domain and path of the header. The client side host and path replace that
header's domain and path if a match is found. Set-Cookie rules take precedence over URI rules when rewriting Set-
Cookie headers.
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2013, 2015. All rights reserved.
BIG-IP 2016-08-12 ltm profile rewrite(1)