ltm profile rewrite
ltm profile rewrite(1) BIG-IP TMSH Manual ltm profile rewrite(1)
NAME
rewrite - configure a rewrite profile
MODULE
ltm profile
SYNTAX
Configure the rewrite component within the profile module using the syntax shown in the following sections.
DISPLAY
list rewrite
list rewrite [[name] | [glob]]
show running-config rewrite
show running-config rewrite [[name] | [glob]]
options:
all-properties
non-default-properties
one-line
| grep
show rewrite
show rewrite [ [ [name] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
CREATE/MODIFY
create rewrite [name]
modify rewrite [name]
options:
app-service [[string] | none]
bypass-list [add | delete | replace-all-with | none] { [uri list] }
client-caching-type [cache-all | cache-css-js | cache-img-css-js | no-cache]
defaults-from [[name] | none]
java-ca-file [[certificate file] | none]
java-crl [[certificate revocation list file] | none]
java-sign-key [[certificate key file] | none]
java-sign-key-passphrase [[string] | none]
java-signer [[certificate file] | none]
location-specific [false | true]
rewrite-list [add | delete | replace-all-with | none] { [uri list] }
rewrite-mode [portal | uri-translation]
set-cookie-rules [add | delete | modify | replace-all-with | none] {
[name] {
client {
domain [string]
path [string]
}
server {
domain [string]
path [string]
}
}
}
split-tunneling [false | true]
uri-rules [add | delete | modify | replace-all-with | none] {
[name] {
[type [both | request | response]]
client {
scheme [string]
host [string]
port [string]
path [string]
}
server {
scheme [string]
host [string]
port [string]
path [string]
}
}
}
edit rewrite [ [ [name] | [glob] ] ... ]
options:
all-properties
non-default-properties
DELETE
delete rewrite [name]
DESCRIPTION
Use the rewrite component to configure a Rewrite Profile in URI Translation or Portal (Access) mode.
EXAMPLES
URI Translation Mode
Create a profile
create my_uri_rewrite rewrite-mode uri-translation
Add a rule to rewrite URIs
modify my_uri_rewrite uri-rules add { my_rule { client { path /client/ } server { path /server/ } } }
modify my_uri_rewrite uri-rules add { my_rule { client { scheme http host www.client.com path / }
server { scheme http host www.server.com path / } } }
Add a rule to rewrite Set-Cookie headers
modify my_uri_rewrite set-cookie-rules add { my_rule { client { domain client.com path / } server {
domain server.com path / } } }
Portal (Access) Mode
Create a profile
create my_portal_rewrite rewrite-mode portal
Configure the client to cache all files
modify my_portal_rewrite client-caching-type cache-all
Set the rewrite list and bypass list
modify my_portal_rewrite rewrite-list add { *://www.myportal.com/* http://abc*.com/* } bypass-list add
{ *://external_web.com/* }
Configure split-tunneling
modify my_portal_rewrite split-tunneling true
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you
cannot modify or delete the object. Only the application service can modify or delete the object.
bypass-list
Specifies a list of URIs that are bypassed inside a web page when the page is accessed using Portal
Access. The default is none.
client-caching-type
Specifies one of four options for client caching. When the Client Cache setting for a web application
resource is set to default, the system uses the setting configured in the Rewrite profile. If the
Client Cache option is configured for any other setting, the web application resource item caching
configuration overwrites the setting in the Rewrite profile. The default is cache-css-js. The options
are:
cache-all
Do not modify cache headers on backend servers.
cache-css-js
Cache only the CSS file and Java Script.
cache-img-css-js
Cache only images, the CSS file and Java Script.
no-cache
Eliminate caching.
defaults-from
Specifies the profile from which the Rewrite profile inherits properties. Explicitly specified
properties override inherited properties.
java-ca-file
Specifies a CA against which to verify signed Java applets signatures. The default value is
ca-bundle.crt.
java-crl
Specifies a CRL against which to verify signed Java applets signature certificates. The default value
is none.
java-sign-key
Specifies a private key for re-signing of signed Java applets after patching. The default value is
default.key.
java-sign-key-passphrase
Specifies a passphrase for the private key to be encrypted with. The default value is none. Note: your
passphrase will be encrypted and displayed under the label java-sign-key-passphrase-encrypted.
java-signer
Specifies a certificate to use for re-signing of signed Java applets after patching. The default value
is default.crt.
location-specific
Specifies whether or not this object contains one or more attributes with values that are specific to
the location where the BIG-IP device resides. The location-specific attribute is either true or false.
When using policy sync, mark an object as location-specific to prevent errors that can occur when
policies reference objects, such as authentication servers, that are specific to a certain location.
The default value is none.
rewrite-list
Specifies a list of URIs that are rewritten inside a web page when the page is accessed using Portal
Access. The default value is none.
rewrite-mode
Specifies the mode of rewriting. uri-translation is a rules-based rewrite mode. portal is for use with
Portal Access.
set-cookie-rules
Used with uri-translation mode. Specifies the rules for rewriting HTTP Set-Cookie headers. Each rule
has a name and a client and server domain and path. The name may be any alphanumeric string and must
be unique. The path must be an absolute directory path and not a relative path or a file path. If the
domain and path of the Set-Cookie header in the HTTP response match the domain and path of the server
side of a rule, they will be rewritten to the domain and path of client side of that rule. Set-Cookie
rules take precedence over URI rules when rewriting Set-Cookie headers.
split-tunneling
Specifies whether the profile provides for split tunneling. The default is false.
uri-rules
Used with uri-translation mode. Specifies the rules for rewriting request and response headers and
response bodies. These rules affect the following.
request headers
URI, Host, Referer
response headers
Content-Location, Link, Location, Refresh, Set-Cookie
response body
HTML, CSS
Each rule has a name, a type, and a client and server URI. The name may be any alphanumeric string and
must be unique. The type may be "request", "response", or "both": "request" rules affect request
headers only, "response" rules affect response headers and bodies only, and "both" rules affect both.
URIs must include a path; scheme, host, and port are optional. If a URI must contain a scheme or host,
it must include both. If it must include a port, it must also include a scheme and host. Paths may be
absolute directory paths only. They may not be relative paths or file paths. If a URI in a request
header matches the client side URI of a rule, it will be rewritten to the server side URI of that
rule. If a URI in a response header or body matches the server side URI of a rule, it will be
rewritten to the client side URI of that rule. When rewriting Set-Cookie headers, the host and path of
the server side URI are used to match the domain and path of the header. The client side host and path
replace that header's domain and path if a match is found. Set-Cookie rules take precedence over URI
rules when rewriting Set-Cookie headers.
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2013, 2015. All rights reserved.
BIG-IP 2016-08-12 ltm profile rewrite(1)