I have a URL where I need to alter the path, to eliminate the SSL in or w/o caring what comes afterSSL/. I thought it would fairly simple, but I can't get it to work. Thanks.

Easy enough using the string command. Just to verify though, you want to remove this between LTM and your pool members. You aren't trying to redirect the user or anything like that? when HTTP_REQUEST { if { [string tolower [HTTP::uri]] starts_with "/ssl/" } { HTTP::uri [string range [HTTP::uri] 4 end] } }

Thanks for the replies. I actually got this to work.. I'll try yours too Hoolio. when HTTP_REQUEST { if {[string tolower [HTTP::path]] starts_with "/ssl"}{ HTTP::redirect "https://site1.com[string map -nocase {/ssl/ /} [HTTP::uri]]" } }

Aaron/Colin - let's say he wanted to remove the string "/ssl" that occurred anywhere within the rule, what would we use then?

One more question. How do I make this work if the request is https? This has stumped me in the past.

Aaron/Colin - let's say he wanted to remove the string "/ssl" that occurred anywhere within the rule, what would we use then? You could check for a URI containing "ssl" and then use string map as Dave did. Dave, if the virtual server is for HTTPS traffic, you'd need to import the server cert/key in a client SSL profile and then add that to the virtual server. This allows LTM to decrypt the SSL and inspect and modify the HTTP. Aaron

Change path | DevCentral

16 Replies

Chris_Miller
Altostratus
Feb 07, 2011
You need to have a ClientSSL profile on your SSL Virtual Server so it can decrypt the traffic, view the requested path, and rewrite it.
DaveC_21078
Altostratus
Feb 08, 2011
I have an SSL profile that decrypts the traffic. I do know how the F5 works. What I don't know is why your rule only works for http traffic while mine works for all traffic. It's not a decryption issue. Yours is not the only rule that I've seen work this way. Perhaps I should start a new topic since this is a different issue than what I originally asked. I do appreciate the help.

hooleylist

Cirrostratus

Feb 08, 2011

I think the offset for the string range needs to be 4 instead of 3 as /ssl is 4 characters. Can you try testing with some additional logging?

when HTTP_REQUEST {
  log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [virtual name]\
    [IP::local_addr]:[TCP::local_port] [HTTP::host][HTTP::uri]"
  set uri [tolower [HTTP::uri]]
  if { $uri starts_with "/ssl/" } {
    log local0. "[IP::client_addr]:[TCP::client_port]: URI starts with /ssl/,\
      updating URI to [string range [HTTP::uri] [expr {[string first /ssl/ $uri] + 4}] end]"
    HTTP::uri [string range [HTTP::uri] [expr {[string first /ssl/ $uri] + 4}] end]
  } 
}

Aaron

DaveC_21078
Altostratus
Feb 08, 2011
We need to get rid of one of the slashes too. So /SSL/ becomes /. This works correctly when the request is http. https requests don't get changed at all.
hooleylist
Cirrostratus
Feb 08, 2011
With the updated iRule, /ssl/ is rewritten to /. Can you try testing with the updated rule and debug logging to see what is logged when it fails over HTTPS?

Aaron
DaveC_21078
Altostratus
Feb 08, 2011
I figured it out. I was looking at it wrong. I am re-writing http requests to https after it hits the rule to eliminate /SSL. So for the http request, I've removed /SSL and then pass the new URL to the second rule, which rewrites it https w/o /SSL, since that already got stripped, and my browser shows the new URL w/o /SSL. But when the request is https, only the first rule gets applied and passes on the request to the web server w/o /SSL but does not change the URL in the browser. So it works for both requests, but the URL in the browser is unchanged. That's what was throwing me. I really appreciate all the help.

Forum Discussion

Change path

16 Replies

Recent Discussions

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Ansible modules for F5OS

Related Content

Community Learning Path: Multi-Cloud Networking

TMOS Version Update Paths

Crafting Secure Paths: The Intricacies of VPN Solutions on BIG-IP APM

Community Learning Path: Web Application and API Protection (WAAP)

F5 - Certification Path - Beginner