Forum Discussion
Creating A Redirect with Local Traffic Policies v11.4
This is not a question, I'm just putting this out here to help people who have run into this problem.
Before 11.4, you could easily redirect from HTTP to HTTPS using HTTP Classes. In 11.4, HTTP Classes are no longer present, and there is not yet a solution article published showing how to accomplish the same thing using Local Traffic Policies. You should be able to get by with this for now.
- First, you need to create a policy with the matching strategy of your choice; I chose “best-match”. Choose a name for the policy.
- This policy should require “http”, and control “forwarding”.
- You can then add a rule. Choose a name for the rule.
- For the rule conditions, leave the defaults in (empty conditions list).
- For the actions, the target should be “http-reply”, the event should be “request” and the action “redirect”. You will have the location parameter available to you. Set the value to:
  https://[getfield [HTTP::host] ":" 1][HTTP::uri]
  This is exactly the same as it is in the HTTP Class documentation (Ref: http://support.f5.com/kb/en-us/solutions/public/7000/100/sol7125.html?sr=32531961 ).
- Click “Add” for the parameter, then “Add” again to add the action to the list of actions.
- Click Finished once done, and then you can attach this policy to the virtual server of choice, and it should redirect all requests to the HTTPS equivalent of the incoming host and URI combination.
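What the location value in the post above evaluates to for different Host headers, as an added example that is not part of the original post or F5's own code. It models `getfield` in plain Python; the function names and sample hosts are constructed for illustration, and the bracket-aware variant is an assumption about how one might handle IPv6 literal hosts, which the posted expression cuts at the first colon.

```python
# Added example: a simplified Python model of the expression
#   https://[getfield [HTTP::host] ":" 1][HTTP::uri]
# Function names are hypothetical; hosts and URIs are constructed samples.

def getfield(value: str, sep: str, index: int) -> str:
    """Simplified model of iRules getfield: split on sep, return the 1-based field."""
    fields = value.split(sep)
    return fields[index - 1] if 1 <= index <= len(fields) else ""


def location_as_posted(host: str, uri: str) -> str:
    """Redirect target exactly as the posted expression builds it."""
    return "https://" + getfield(host, ":", 1) + uri


def strip_port(host: str) -> str:
    """Bracket-aware port removal: keeps an IPv6 literal like [2001:db8::1] whole."""
    if host.startswith("["):
        end = host.find("]")
        return host[: end + 1] if end != -1 else host
    return host.split(":", 1)[0]


def location_bracket_aware(host: str, uri: str) -> str:
    """Same redirect, but the host part survives when it is an IPv6 literal."""
    return "https://" + strip_port(host) + uri


SAMPLES = [  # constructed Host header / URI pairs
    ("www.example.com", "/login?next=/home"),
    ("www.example.com:8080", "/"),
    ("192.0.2.10:80", "/status"),
    ("[2001:db8::1]:8080", "/"),
]

if __name__ == "__main__":
    for host, uri in SAMPLES:
        print(f"{host!r:26} posted={location_as_posted(host, uri)!r} "
              f"bracket-aware={location_bracket_aware(host, uri)!r}")
```

For hostnames and IPv4 addresses both functions agree; only the bracketed IPv6 sample differs, where the posted expression yields a truncated host.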
17 Replies
- LEON_LI_38034
Nimbostratus
Very Thanks. aFanen01
Is there a more detailed introduction about the local traffic policy?
- BinaryCanary_19
Historic F5 Account
Sadly, not at this time. Situation should improve eventually though.
- czacek
Nimbostratus
Thank you for this. "How to redirect HTTP to HTTPS without an iRule now that HTTP Class Profiles are gone" was difficult to find. How can I make it close the connection afterwards? I have tried everything I could think of, but I always get "Connection: Keep-Alive", and that's not what I want when redirecting the browser to a different TCP port. I tried adding another Rule (all-match strategy on the policy, no condition, http-header response replace / insert name=Connection value=close) to the policy, but it had no effect. I tried using an HTTP Profile that had "Maximum Requests: 1" (and even HTTP 1.1 Pipelining disabled), but it still let me request over and over on the same connection, still said Connection: Keep-Alive, and still redirected me.
- BinaryCanary_19
Historic F5 Account
Hi Czacek, Unfortunately, I haven't had time to explore it in more depth yet. So I can't answer your questions at this point in time.
- James_Deucker_2
Historic F5 Account
Is it possible to control 301 vs 302?
- BinaryCanary_19
Historic F5 Account
Hey, unfortunately, it is currently not selectable. There's an open ticket to address this in the hopefully not too distant future. Happy new year :)
- Kevin_Davies_40
Nacreous
If you want finer grained control attach the following iRule.
    when HTTP_REQUEST {
        HTTP::respond 301 Location "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" Connection Close
    }
You can add headers after Connection Close; just keep adding them as header name, a space, header value, etc.
- Steve_Duys_1637
Nimbostratus
Can someone link, supply screenshots? Or describe where this is in the UI? Can't find.
- BinaryCanary_19
Historic F5 Account
There's an image here: http://postimg.org/image/rypfwsqk9/
- Mohamed_Lrhazi
Altocumulus
When will F5 re-introduce HTTP Classes!!!!
- JG
Cumulonimbus
In v11.6.0, the old HTTP profiles are still there, such as /Common/http, and other customised child ones, retained by the upgrade process. It's just that they no longer appear in "Local Traffic" -> Profiles -> Services.
I would like to replicate the function of "Redirect Rewrite" that used to be in the old HTTP profile and it seems that I need to create a rewrite profile instead, not really a "traffic policy" as mentioned above.
Can somebody clarify all this? The solution articles I can find are all about how the old profiles cannot be brought into v11.4.0+ versions for various reasons; there are no specific examples to show how to do it in the new way, and why (to just say "HTTP class is no longer available" is not that much helpful).