Forum Discussion
brad_scherer_11
Nimbostratus
Nimbostratus443 to 7678
Hi everybody. Recently I have been working with the v.9 BIgIP's quite frequently and have just started delving into the wonderful if not slightly complex world of iRules. I have read through a lot of the posts and done some searching, but I still can not find a good example of what I am trying to do.
I am by no means experienced with iRules, but more than willing to learn and contribute as I go. I have done a few http to https redirects with minimal effort, but now I have one that I can't seem to figure out.
We have a virtual server that terminates SSL connections on 443. We want to redirect them to a virtual server (same IP) on 7678 and then of course a pool with members listening on 7678.
Can I just direct them to the pool listening on 7678 or do I redirect to the virtual server?
This rule is probably no where close and does not even load correctly, but I think this is close to what I want to do:
_______________________________________________
This will redirect from 443 to 7678
when HTTP_REQUEST {
if { [TCP::local_port equals 443] }
redirect to ([TCP::local_port:7678]}
}
_______________________________________________
This is the error when I try to load it:
I would spend more time troubleshooting the error log if I knew I was on the right track.
_______________________________________________
01070151:3: Rule [SMART-SSL-Redirect] error:
line 3: [wrong args] [TCP::local_port equals 443]
line 3: [missing a script after "if"] []
line 4: [undefined procedure: TCP::local_port:7678] [TCP::local_port:7678]
line 5: [command is not valid in the current scope] [}]
_______________________________________________
Any help would be greatly appreciated.
Thanks ,
Brad
- You should be able to simply use the pool with the pool members listening on 7678. The BIGIP will automatically take care of translating to that port (unless you specifically disabled port translation on the virtual). You don't even need an iRule for this task.
- JRahm
Admin
Were you a version 4 user previously? Your question reminded me of my confusion in transitioning... In v4, you had to do the redirection to another virtual, in v9, utilizing the clientssl profile eliminates that redirection. If you are needing http and https, you can create two virtuals, ip:80 and ip:443, utilizing a single pool for both and creating a clientssl profile for the ip:443 virtual. Or, you can create a wildcard virtual ip:0, and write a rule to do the rest:when CLIENT_ACCEPTED { if { [TCP::local_port] == "80" } { SSL::disable pool myPool } elseif { [TCP::local_port] == "443" } { pool myPool } else { discard } }
Note that you will need to have a valid clientssl profile configured on the virtual server. 
brad_scherer_11citizen_elah you are correct about coming from 4.X. That is exactly where my confusion lies. I am migrating 8 sets of 4x into a set of 6400's (production) and 4 sets of 4x to a set of 3400's (testlab).
citizen_elah thanks for the info. So as I understand, the implementation would be,
443 vip
clientssl profile (which I already have working)
pool for the servers on 7678.
No iRule is necessary in this case right? Your rule is implemented if I want to allow port 80 or 443 without having a redirect. In this case the business requirement is for all 443 to the F5 with no redirect then 7678 to the server on the backend. They may want a redirect in the future but not yet.
Thanks- JRahmNot yet, but hopefully soon??
Feel free to contact me directly if you have any questions.
