Forum Discussion
carter91_13591
Oct 26, 2010Nimbostratus
Custom iRULE for Specific subsites (Wordpress)
We use our F5 Big IP for SSL offloading for our webserver, and life has been good with that. Works great.
We are starting to move to WordPress as our content management solution on our webserver and want to be able to offload the Wordpress Admin page for each site.
For those who don't know, with a wordpress install, each WordPress site has an admin page located at:
www.server.com/SUBSITE/wp-admin
However, Wordpress has it's own funky redirects going on in the background, so even if I type manually https://www.server.com/SUBSITE/wp-admin I still end up with http://www.server.com/SUBSITE/wp-admin in my browser, thus causing the username and password to be sent as clear text as sub-site admins login.
Is there an iRULE that I can create that will force these back to https just for anything that as /wp-admin at the end of the address?
It's a Windows 2003 server running IIS 6.0. If we turn SSL on inside of IIS for Wordpress, it just does a loop when you try to access the wp-admin sites.
I can provide HTTP header captures or anything else if you need more info.
- hooleylistCirrostratusHave you tried enabling rewriting of redirects on a custom HTTP profile?
- carter91_13591NimbostratusThat would change it so that it redirects for all URLs for that particular virtual server it looks like. We only want to do it for the Wordpress admin sites. They don't have their own VIP.
- hooleylistCirrostratusMaybe something like this?
when HTTP_RESPONSE { Check if server response is a redirect and contains the wp-admin pattern if { [HTTP::header is_redirect] and \ [string match -nocase {*www.server.com/*/wp-admin*} [HTTP::header Location]]} { Log original and updated values log local0. "Original Location header value: [HTTP::header value Location],\ updated: [string map -nocase "http:// https://" [HTTP::header value Location]]" Do the update, replacing http:// with https:// HTTP::header replace Location [string map -nocase "http:// https://" [HTTP::header value Location]] } }
- hooleylistCirrostratusI haven't checked all of the sample request/responses, but it looks like the app is URL encoding the redirect location. You could add URI decoding to the iRule to handle this:
when HTTP_RESPONSE { Check if server response is a redirect and contains the wp-admin pattern (with URI decoding of the Location header) if { [HTTP::header is_redirect] and \ [string match -nocase {*www.server.com/*/wp-admin*} [URI::decode [HTTP::header Location]]]} { Log original and updated values log local0. "Original Location header value: [HTTP::header value Location],\ updated: [string map -nocase "http:// https://" [HTTP::header value Location]]" Do the update, replacing http:// with https:// HTTP::header replace Location [string map -nocase "http:// https://" [HTTP::header value Location]] } }
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects