ltm profile rewrite
ltm profile rewrite(1) BIG-IP TMSH Manual ltm profile rewrite(1)
NAME
rewrite - configure a rewrite profile
MODULE
ltm profile
SYNTAX
Configure the rewrite component within the profile module using the
syntax shown in the following sections.
DISPLAY
list rewrite
list rewrite [[name] | [glob]]
show running-config rewrite
show running-config rewrite [[name] | [glob]]
options:
all-properties
non-default-properties
one-line
| grep
show rewrite
show rewrite [ [ [name] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
CREATE/MODIFY
create rewrite [name]
modify rewrite [name]
options:
app-service [[string] | none]
bypass-list [add | delete | replace-all-with | none] { [uri list] }
client-caching-type [cache-all | cache-css-js | cache-img-css-js | no-cache]
defaults-from [[name] | none]
java-ca-file [[certificate file] | none]
java-crl [[certificate revocation list file] | none]
java-sign-key [[certificate key file] | none]
java-sign-key-passphrase [[string] | none]
java-signer [[certificate file] | none]
location-specific [false | true]
rewrite-list [add | delete | replace-all-with | none] { [uri list] }
rewrite-mode [portal | uri-translation]
set-cookie-rules [add | delete | modify | replace-all-with | none] {
[name] {
client {
domain [string]
path [string]
}
server {
domain [string]
path [string]
}
}
}
split-tunneling [false | true]
uri-rules [add | delete | modify | replace-all-with | none] {
[name] {
[type [both | request | response]]
client {
scheme [string]
host [string]
port [string]
path [string]
}
server {
scheme [string]
host [string]
port [string]
path [string]
}
}
}
edit rewrite [ [ [name] | [glob] ] ... ]
options:
all-properties
non-default-properties
DELETE
delete rewrite [name]
DESCRIPTION
Use the rewrite component to configure a Rewrite Profile in URI
Translation or Portal (Access) mode.
EXAMPLES
URI Translation Mode
Create a profile
create my_uri_rewrite rewrite-mode uri-translation
Add a rule to rewrite URIs
modify my_uri_rewrite uri-rules add { my_rule { client { path
/client/ } server { path /server/ } } }
modify my_uri_rewrite uri-rules add { my_rule { client { scheme
http host www.client.com path / } server { scheme http host
www.server.com path / } } }
Add a rule to rewrite Set-Cookie headers
modify my_uri_rewrite set-cookie-rules add { my_rule { client {
domain client.com path / } server { domain server.com path / }
} }
Portal (Access) Mode
Create a profile
create my_portal_rewrite rewrite-mode portal
Configure the client to cache all files
modify my_portal_rewrite client-caching-type cache-all
Set the rewrite list and bypass list
modify my_portal_rewrite rewrite-list add {
*://www.myportal.com/* http://abc*.com/* } bypass-list add {
*://external_web.com/* }
Configure split-tunneling
modify my_portal_rewrite split-tunneling true
OPTIONS
app-service
Specifies the name of the application service to which the
object belongs. The default value is none. Note: If the strict-
updates option is enabled on the application service that owns
the object, you cannot modify or delete the object. Only the
application service can modify or delete the object.
bypass-list
Specifies a list of URIs that are bypassed inside a web page
when the page is accessed using Portal Access. The default is
none.
client-caching-type
Specifies one of four options for client caching. When the
Client Cache setting for a web application resource is set to
default, the system uses the setting configured in the Rewrite
profile. If the Client Cache option is configured for any other
setting, the web application resource item caching
configuration overwrites the setting in the Rewrite profile.
The default is cache-css-js. The options are:
cache-all
Do not modify cache headers on backend servers.
cache-css-js
Cache only the CSS file and Java Script.
cache-img-css-js
Cache only images, the CSS file and Java Script.
no-cache
Eliminate caching.
defaults-from
Specifies the profile from which the Rewrite profile inherits
properties. Explicitly specified properties override inherited
properties.
java-ca-file
Specifies a CA against which to verify signed Java applets
signatures. The default value is ca-bundle.crt.
java-crl
Specifies a CRL against which to verify signed Java applets
signature certificates. The default value is none.
java-sign-key
Specifies a private key for re-signing of signed Java applets
after patching. The default value is default.key.
java-sign-key-passphrase
Specifies a passphrase for the private key to be encrypted
with. The default value is none. Note: your passphrase will be
encrypted and displayed under the label java-sign-key-
passphrase-encrypted.
java-signer
Specifies a certificate to use for re-signing of signed Java
applets after patching. The default value is default.crt.
location-specific
Specifies whether or not this object contains one or more
attributes with values that are specific to the location where
the BIG-IP device resides. The location-specific attribute is
either true or false. When using policy sync, mark an object as
location-specific to prevent errors that can occur when
policies reference objects, such as authentication servers,
that are specific to a certain location. The default value is
none.
rewrite-list
Specifies a list of URIs that are rewritten inside a web page
when the page is accessed using Portal Access. The default
value is none.
rewrite-mode
Specifies the mode of rewriting. uri-translation is a rules-
based rewrite mode. portal is for use with Portal Access.
set-cookie-rules
Used with uri-translation mode. Specifies the rules for
rewriting HTTP Set-Cookie headers. Each rule has a name and a
client and server domain and path. The name may be any
alphanumeric string and must be unique. The path must be an
absolute directory path and not a relative path or a file path.
If the domain and path of the Set-Cookie header in the HTTP
response match the domain and path of the server side of a
rule, they will be rewritten to the domain and path of client
side of that rule. Set-Cookie rules take precedence over URI
rules when rewriting Set-Cookie headers.
split-tunneling
Specifies whether the profile provides for split tunneling. The
default is false.
uri-rules
Used with uri-translation mode. Specifies the rules for
rewriting request and response headers and response bodies.
These rules affect the following.
request headers
URI, Host, Referer
response headers
Content-Location, Link, Location, Refresh, Set-Cookie
response body
HTML, CSS
Each rule has a name, a type, and a client and server URI. The
name may be any alphanumeric string and must be unique. The
type may be "request", "response", or "both": "request" rules
affect request headers only, "response" rules affect response
headers and bodies only, and "both" rules affect both. URIs
must include a path; scheme, host, and port are optional. If a
URI must contain a scheme or host, it must include both. If it
must include a port, it must also include a scheme and host.
Paths may be absolute directory paths only. They may not be
relative paths or file paths. If a URI in a request header
matches the client side URI of a rule, it will be rewritten to
the server side URI of that rule. If a URI in a response header
or body matches the server side URI of a rule, it will be
rewritten to the client side URI of that rule. When rewriting
Set-Cookie headers, the host and path of the server side URI
are used to match the domain and path of the header. The client
side host and path replace that header's domain and path if a
match is found. Set-Cookie rules take precedence over URI rules
when rewriting Set-Cookie headers.
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2013, 2015. All rights
reserved.
BIG-IP 2016-08-12 ltm profile rewrite(1)