For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Joe_Pipitone's avatar
Joe_Pipitone
Icon for Nimbostratus rankNimbostratus
Oct 05, 2015

Bypass SSL redirect if URI is....

I have 2 set of iRules that I'd like to combine into 1, however I'm unable to apply the logic without the result ending up in a loop. The end result needs to be - if the URI is "/articles/2015/09/0...
application delivery
devops
iRules
LTM
Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Oct 06, 2015

Looks like you used "TCP::remote_port" in your first if. That is what caused your loop since its not being matched. Try this:

when HTTP_REQUEST {
    if { [TCP::local_port] eq 80 && !([string tolower [HTTP::uri]] eq "/articles/2015/09/09/something.aspx") }
    {
        HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
    }
    elseif { [TCP::local_port] eq 443 && [string tolower [HTTP::uri]] eq "/articles/2015/09/09/something.aspx" } {
        HTTP::redirect http://[getfield [HTTP::host] ":" 1][HTTP::uri]
    }
    else {
       HTTP::redirect https://[HTTP::host][HTTP::uri]
    }
}
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Oct 06, 2015
    Also, your last else statement is not necessary and causes a loop. when HTTP_REQUEST { if { [TCP::local_port] eq 80 && !([string tolower [HTTP::uri]] eq "/articles/2015/09/09/something.aspx") } { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } elseif { [TCP::local_port] eq 443 && [string tolower [HTTP::uri]] eq "/articles/2015/09/09/something.aspx" } { HTTP::redirect http://[getfield [HTTP::host] ":" 1][HTTP::uri] } }
  • Joe_Pipitone's avatar
    Joe_Pipitone
    Icon for Nimbostratus rankNimbostratus
    Oct 06, 2015
    Thanks - but it still results in a redirect loop.
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Oct 06, 2015
    with the else removed it loops?
  • Joe_Pipitone's avatar
    Joe_Pipitone
    Icon for Nimbostratus rankNimbostratus
    Oct 06, 2015
    If I remove the HTTP::redirect from the last else statement, and replace it with "return" it does not loop. Traffic does not get forced to https however - as it allows the request through regardless of the port. I have to make sure the traffic is HTTPS unless it's that one particular URI.
  • Joe_Pipitone's avatar
    Joe_Pipitone
    Icon for Nimbostratus rankNimbostratus
    Oct 06, 2015
    Looks like it worked when I removed the last else statement - and it IS forcing HTTPS. My question is - from how I understand the logic, shouldn't it only force https IF the two are true since we're using &&? If the port is 80 AND the URI matches, then force ssl, otherwise, don't? I think this works for us. Thank you
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Oct 06, 2015
    that first if is "if 80 and NOT uri" redirect. That's why it forces https in the first if.