Controlling Secure content - https to http redirect?

Hi Folks,

 

 

I'm having a problem with what must be easy iRules, but can't find any references that fit my needs. and i'm failing (and beginning to lose it )

 

Background, LTM BIG-IP 9.4.5 Build 1086.1 Final

 

 

2 VS one on 443 for secure applications, one on 80 for static content.

 

 

The requirement is any request that contains "/app1" or "/app2" or "/app3" be 302 redirected to HTTPS, and therefore on to the 443 VS. and on to the secure_pool servers.

 

 

I'm doing this with this irule applied to the port 80 VS:

 

 

rule Force_https_for_applications {

 

when HTTP_REQUEST {

 

if { [HTTP::uri] contains "/app1" or [HTTP::uri] contains "/app2" or [HTTP::uri] contains "/app3" } {

 

HTTP::redirect https://[HTTP::host][HTTP::uri]

 

}

 

}

 

}

 

 

All good here.

 

 

The next requirement is the one I'm failing on - Everything Else can only be served unsecurely from the content VS. So a 302 redirect to http should fit.

 

 

If I attach an inverse rule to the 443 VS then allHTTPS traffic fails with a reset.

 

Here's one of the many I've tried

 

 

rule Force_http_for_content {

 

when HTTP_REQUEST {

 

if { not [HTTP::uri] contains "/app1" or not [HTTP::uri] contains "/app2" or not [HTTP::uri] contains "/app3" } {

 

HTTP::redirect http://[HTTP::host][HTTP::uri]

 

}

 

}

 

}

 

 

--------------------------------------------------

 

 

For completeness I should say I've had this working using a matchclass rule

 

 

when HTTP_REQUEST {

 

if {not [matchclass [HTTP::uri] contains $::Application_URI ] }

 

{ HTTP::redirect http://[HTTP::host][HTTP::uri]}

 

 

}

 

 

where

 

class Application_URI {

 

"/app1"

 

"/app2"

 

"/app3"

 

 

But I can't restore a config archive containing this - maybe a bug, but I can't update the LTM to address this in any useful timescale if it is.

 

 

Any help I'd be grateful for,

 

 

Ed