Forum Discussion
Nimbostratus443 VIP redirect
for https redirect on 443 VIP from / to login.aspx do I need 80 VIP? if I stand up port 80 VIP it works , but that is extra step.
please advise.
11 Replies
Michael_YatesHi KJ,
You shouldn't. You should be able to use the first example below and maintain your protocol, but if it is not working properly you still have options with the second examplewhen HTTP_REQUEST { if { [HTTP::path] equals "/" } { HTTP::redirect "/login.aspx" } } when HTTP_REQUEST { if { not ([HTTP::uri] equals "/") } { HTTP::redirect "https://[getfield [HTTP::host] ":" 1]/login.aspx" } }
ArieAltostratus
Dont' forget that "/default.aspx" is probably a valid equivalent to "/". Also, if you don't set up a VIP for port 80 the visitors will be forced to include the protocol (https://). If they simply enter the domain name their request will fail.
KJ_50941Thx, all I give it a try.- KJ_50941ok, requirement is chnages http has to redirect to login.aspx and https as well. my http work but https get rediect to http on brower, what am I missing?
my http:
when HTTP_REQUEST {
if { [HTTP::uri] eq "/" } {
HTTP::redirect http://[HTTP::host]/login.aspx
}
}
https is:
when HTTP_REQUEST {
if { [HTTP::uri] eq "/" } {
HTTP::redirect https://[HTTP::host]/login.aspx
}
} - Arie
In your rule for http:
HTTP::redirect http://[HTTP::host]/login.aspxYou're using "http" instead of "https".Question: why use two iRules? You can use the same rule for the VIPSs on port 80 and 443.
- KJ_50941we want Http goes for eaxmaple to login.aspx and 443 takes to login.aspx, when I change http to https port 80 doesn't work
when HTTP_REQUEST {
if { [HTTP::uri] eq "/" } {
HTTP::redirect https://[HTTP::host]/login.aspx
}
}
can you tell me what exactly I need to use.
thx - Kevin_Stewart
Employee
I think the single VIP solution is more trouble than it's worth. To enable a VIP to listen on multiple ports (in this case 80 and 443), you have to set the port to *any, which means you now have to filter out everything but port 80 and 443 traffic and enable or disable an SSL profile based on the protocol.The alternative is to create a very simple port 80 VIP on the same IP address and then assign an HTTP profile and the built-in _sys_https_redirect iRule. The all of your URI redirect logic is applied to your HTTPS VIP. - KJ_50941I created port 80 and port 443, applied http profile to both, if I do redirect from http to https is works fine, however app owners needs to go to 80 and 443 seperatly, is this possible?
what can I do to make both 80 and 443 works? - Kevin_StewartI may be missing something here. Are you asking how to allow port 80 AND port 443 access? If so, then you just need two different VIPs, which could potentially use the same URI redirect logic iRule.
If by this statement, "my http work but https get rediect to http on brower", you're suggesting that the 443 VIP works, but the app still sends users redirects with HTTP://, then you have a different problem. In this case, if it's just redirects, turn on Redirect Rewrite Matching in the HTTP profile. If the HTTP:// references are for embedded objects (images, CSS, JS, etc.), then you're best bet is a stream profile and simple stream iRule. Better first to determine what the references are though. - Arie
I'm not sure I fully understand the requirements for your setup yet, but I'd recommend separate VIPs for 80 and 443. Also, if you will want to avoid mixing secure and non-secure content when users are accessing the page over SSL - otherwise the browsers will warn the users of potential security problems on the page.
