For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

EngAhmad's avatar
EngAhmad
Icon for Nimbostratus rankNimbostratus
Nov 18, 2021

create General VS in LTM for Redirect

Hi   I have Idea   what is Impact if I create a new VS in LTM with source IP 0.0.0.0/0 and destination 0.0.0.0 whit port 80 and attach only Redirect irule to redirect all traffic from HTTP ...
application delivery
BIG-IP
devops
LTM
CA_Valli's avatar
CA_Valli
Icon for MVP rankMVP
Nov 18, 2021

Hello Ahmad,

I don't think this is a good idea,

 

Altough some configurations use "forwarding" type virtual servers with destination 0.0.0.0 for traffic routing, a Virtual Server with destination 0.0.0.0:80 will only match client-side traffic that otherwise would be dropped because no listener was configured for traffic destination.

 

If there are Virtual Server with a best match (destination address/port), client traffic will be processed by those VS's regardless of this configuration.

 

Moreover, to process this as HTTP traffic you will be required to apply a HTTP profile at least (this will allow you to operate in full L7), which if I'm not wrong is only available in a Standard-type Virtual Server -- or at least, not in a Forwarding-type; making me believe you'll need to configure forwarding manually anyways.

 

Every BIG-IP unit comes with a set of pre-defined iRules, and one of those has code for HTTP redirect. In my opinion, it will be much easier to just refer the iRule in every VS where you have this requirement.