Forum Discussion
AppWorld DC Booth Kiosk Generator
iRule Explanation - from the iRules Toolbox
Source: redirect_non_ssl_on_port_443.txt
# Create an F5 BIG-IP iRule that enforces HTTPS connections and directs users to a login page. The rule should check if the connection is encrypted by attempting to get the SSL cipher version. For unencrypted connections, log the detection and redirect to the HTTPS version of the Login.jsp page. For encrypted connections, allow the request to proceed but redirect requests for the root path to the Login.jsp page. Include error handling for the SSL cipher check and extract the hostname without port number when constructing redirect URLs.
when HTTP_REQUEST priority 500 {
    # Try to get the SSL cipher version and catch any errors
    # This checks if the connection is encrypted (SSL/TLS)
    if {([catch {SSL::cipher version} result]) || $result eq "none"} {
        # Log that we detected an unencrypted request
        log local0. "\: $result. Redirecting unencrypted request."
        # Redirect to HTTPS version of the site, specifically to Login.jsp
        # getfield extracts the hostname without port number (if any)
        HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
        # Exit the rule early
        return
    }
    # If we reach here, the connection is encrypted
    # Log that we're allowing the encrypted request
    log local0. "\: $result. Allowing encrypted request."
    # If the request is for the root path "/"
    if {[HTTP::path] eq "/"} {
        # Redirect to the Login.jsp page
        # This ensures users going to the root are sent to the login page
        HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
    }
}

Explanation (generated by F5 Distributed Cloud AI Assistant):
Objective
• Enforce that all client requests use HTTPS by detecting the SSL/TLS state.
• Redirect plain‐HTTP requests to the HTTPS Login.jsp page, logging the event.
• Allow encrypted requests to proceed but send clients hitting “/” to Login.jsp.
• Extract the hostname without the port when building redirect URLs and handle SSL check errors.
Execution Flow
• Event: when HTTP_REQUEST priority 500 fires on each HTTP request (docs: valid event).
• The rule runs [catch {SSL::cipher version} result] to test for an SSL/TLS cipher (docs: SSL::cipher version).
• If catch returns non‐zero (error) OR $result eq "none"
  – Log detection of an unencrypted request.
  – Redirect to https://[getfield [HTTP::host] : 1]/Login.jsp (uses getfield to strip port; docs: getfield syntax).
  – return exits this event early (docs: return stops the current event).
• Otherwise (encrypted connection)
  – Log that the encrypted request is allowed.
  – If [HTTP::path] eq "/" (docs: HTTP::path returns the request path)
    • Redirect to https://[getfield [HTTP::host] : 1]/Login.jsp.
Potential Logic Concerns
• The log commands use local0. without specifying a severity level (docs require <facility>.<level>). This will fail at runtime. (high confidence)
Overall Summary
This iRule correctly enforces HTTPS, handles SSL detection errors, and redirects root‐path requests to Login.jsp while preserving the hostname. Fixing the log facility syntax will ensure proper logging.
F5, Inc. ("F5") disclaims all liability in connection with any output generated by the AI Assistant ("Output") or use thereof, including without limitation any negative business impact caused by your use of Output to administer, direct, configure or control the operation and functioning of any F5 products. Output is provided "as is" without any warranties of any kind.
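A hardened variant of the rule above, added here as an example; it is not the iRules Toolbox code or output from F5. It keeps the same TLS check but builds the redirect only from a Host value found in a data group, because the Host header is supplied by the client and the original rule copies it straight into the Location URL. The data group name allowed_login_hosts is an assumption and must be created before the rule is attached.

```tcl
when HTTP_REQUEST priority 500 {
    # The Host header is client-controlled. Normalise it (lower-case, port
    # stripped) and accept it only if it is a name this virtual server serves.
    # Assumption: allowed_login_hosts is a string data group created for this
    # example; it is not defined anywhere on the original page.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    if { $host eq "" || ![class match -- $host equals allowed_login_hosts] } {
        # Covers a missing Host header, unknown names and bracketed IPv6
        # literals (getfield on ":" truncates those, so they never match).
        # The rejected value is deliberately not written to the log.
        log local0.warning "Rejected request with unexpected Host header from [IP::client_addr]"
        HTTP::respond 400 content "Bad Request" "Connection" "close"
        return
    }

    # Same encryption test as the original rule: an error from SSL::cipher
    # or a result of "none" means the request arrived without TLS.
    if { [catch {SSL::cipher version} result] || $result eq "none" } {
        log local0.info "Unencrypted request from [IP::client_addr] ($result). Redirecting to HTTPS."
        HTTP::redirect "https://$host/Login.jsp"
        return
    }

    # Encrypted request: only the root path is sent to the login page.
    if { [HTTP::path] eq "/" } {
        HTTP::redirect "https://$host/Login.jsp"
    }
}
```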