Forum Discussion
nvv_109301
Nimbostratus
Jul 26, 2010
Catching http responses from SSL session
I have several iRules in place to decide which server pool to use as well as force SSL using redirects to https. I also want to catch 404 and 500 responses and redirect to another site for a polite message. To that end, I have the following code:
    when HTTP_RESPONSE {
        if { ([HTTP::status] == 404) or ([HTTP::status] == 500) } {
            HTTP::redirect "http://polite_message.com/index.htm"
        }
    }
While this code works correctly for 404/500's found within an http session, the code doesn't seem to catch the http responses from our server farm in an https session. The communication behind our LTM is all port 80 so I was expecting the iRule to be able to see the HTTP::status before the responses went back through the LTM to the user. Apparently, that's not the case. Can someone shed light on how to catch these status codes in an https session?
Thank you,
Nathan
- Hamish
Cirrocumulus
Your code should work fine. If you're SSL Offloading, then the same HTTP iRules will work with the VS. Are you sure the iRule is attached to your HTTPS VS? (This is ignoring any browser errors arising from redirecting to an HTTP site from an HTTPS connection).
- hoolio
Cirrostratus
As Hamish said, the HTTP iRule should work okay on an HTTPS VS that has a client SSL profile enabled to decrypt the SSL. You can check whether to send an HTTP or HTTPS redirect based on whether the client used an SSL cipher. As Hamish suggested, this should avoid a browser warning about switching from HTTPS to HTTP.

    when HTTP_REQUEST {

        # Hide the SSL:: command from the iRule parser so the iRule can be used on a non-client SSL VS
        set cipher_cmd "SSL::cipher version"

        # Check if the client used an SSL cipher and it's not "none"
        if {not ([catch {eval $cipher_cmd} result]) && $result ne "none"} {
            # Client did use a cipher
            set proto "https"
        } else {
            # Client did not use a cipher
            set proto "http"
        }
    }
    when HTTP_RESPONSE {

        # Check the server response code
        switch [HTTP::status] {
            404 -
            500 {
                HTTP::redirect "$proto://polite_message.com/index.htm"
            }
        }
    }