Forum Discussion
NimbostratusAdvisory on http to https redirection
This is the existing iRule at http virtual server to redirect to https. SSL offloading is done at F5. Please advise what does this irule mean? If my understanding is correct, it will mask out some header in http request. My another question is that what is the different between TCP respond and SSL respond? Is it suitable to implement TCP:respond here instead of SSL::respond? Kindly advise on the functionality of below iRule.
when HTTP_REQUEST {
log local0. "[HTTP::host] + [HTTP::uri]"
if {[TCP::local_port] == 80 } { set my_loc "https://[HTTP::host][HTTP::uri]" TCP::respond "HTTP/1.1 302 Found\r\nLocation: $my_loc\r\nConnection: close\r\nContent-Length: 0\r\n\r\n" TCP::close } }
1 Reply
- Kai_Wilke
MVP
Hi Pwint,
it would
your[log]
and[HTTP::host]
and then send a 302 HTTP redirect through a raw TCP:80 connection and then closes the connection. If the received connection is not TCP:80, then it would just[HTTP::uri]
.[log]I saw your other post (the post where you found this snippet). This is an old workaround to suppress the BigIP server header in HTTP responses send by your LTM. But in these days, the
command has build-in[HTTP::respond]
option, so that the rawnoserver
method wouldn't be required anymore. It will now look like this and can be used for incomming HTTP as well for HTTPS request...[TCP::respond]HTTP::respond 302 noserver "Location" "https://[HTTP::host][HTTP::uri]" "Connection" "close"The usecases of the
and[TCP::respond]
commands are somewhat comparable. The TCP version will send a raw cleartext TCP response and the SSL version would send a SSL protected but still raw TCP response. Basically the difference is just where the commands would integrate into the OSI-stack...[SSL::respond]Cheers, Kai
