For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jba3126's avatar
jba3126
Icon for Cirrostratus rankCirrostratus
Sep 12, 2014

Basic iRule to Redirect HTTP to HTTPS Custom URI with ? Mark is Failing

We have a site that is using vanity URLs that are being parsed to send them to particular branded sites. We are getting in a redirect loop. We believe it is because of a question Mark in the URI. The iRule is applied to the 80/HTTP virtual.

 

HTTP Site URL/URL - http://www.site.com

 

Redirect needed - https://www.site.com/product?customer1

 

Current iRule: when HTTP_REQUEST {

 

Redirects to HTTPS

HTTP::redirect "https://www.site.com/product?customer1" }

 

In FireFox we are seeing the redirect going to - https://www.site.com/product/?customer1 As you can see the / is being added, which is causing a redirect loop. It's like the ? mark is getting misinterprited.

 

I tried to create an httpclass to do the site thing and in looking at the configuration from tmsh, it is not interpriting the ? correctly. We were on Cisco CSS and this was not an issue.

 

ltm profile httpclass www.site.com-http-rdr { defaults-from httpclass pool none redirect "https://www.site.com/product\?customer1" }

 

Customers are complaining since the migration so any help would be greatly appreciated.

 

application delivery
availability
BIG-IP Access Policy Manager (APM)
devops
iRules
LTM
question mark in uri
security

3 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Sep 12, 2014

    Well, semantically speaking that URI pattern is correct:

    https://www.site.com/product/?customer1

    Everything to the left of the question mark is part of the path, so the trailing / is generally legitimate. If you type the above URL directly into a browser, what does it do?

  • jba3126's avatar
    jba3126
    Icon for Cirrostratus rankCirrostratus
    Sep 12, 2014

    When I go to this in a browser I get redirected the main login page: https://www.site.com/Product/Public/Logon.aspx?ReturnUrl=%2fproduct%3fcustomer&customer

     

    What we are seeing is the user is going to the http, getting redirected to https just fine, which is then redirected on the server to the above URL. Once the user logs in and answers some security question, they are redirected to, http://www.site.com/product/?customer and the user is stuck. Now if they add an s to the http://www.site.com/product/?customer they are stuck on, it will continue into the site normally (picks up the session). So it looks like two things here. One the site seems to be comming back over 80 after login and the URI path is not being preserved.

     

  • jba3126's avatar
    jba3126
    Icon for Cirrostratus rankCirrostratus
    Sep 12, 2014

    Update: We modified the iRule to what the browser is already interpreting and it works now. I don't understand why this works now, but wanted to provide an update for the benifit of others. Thank you Kevin for your insight (trailing / is generally legitimate) to help us resolve this.

     

    So the iRule now reads:

     

    when HTTP_REQUEST {

     

    Redirects to HTTPS

    HTTP::redirect "https:/www.site.com/product/?customer" }