Forum Discussion

dan_19334's avatar
dan_19334
Icon for Nimbostratus rankNimbostratus
Dec 20, 2010

determine HTTP or HTTPS

What is the best way to determine if the connection came in HTTP or HTTPS? I want to have a common iRule applied to both port 80 & 443 that redirects the connection to a different location but keeps ...
application delivery
dev
devops
iRules
  • Vova_200520's avatar
    Vova_200520
    Sep 24, 2015

    Patrik, good one. You have typo. It should be:

    if { [PROFILE::exists clientssl] == 1 } {
    set protocol "https"
} else {
    set protocol "http"
}

    I'm doing this on CLIENT_ACCEPTED. The method with CLIENTSSL_HANDSHAKE will not work because BIG-IP refuse to load it on VS without SSL profile.

hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Dec 20, 2010
Hi Dan,

If you want to assume anything on 443 is SSL, you could use something like this: 


when CLIENT_ACCEPTED {

    Check the VS port to determine if connection is SSL or not
   switch [TCP::local_port] {
      "443" {
         set proto "https"
      }
      default {
         set proto "http"
      }
   }
}
when HTTP_REQUEST {
   if {$we_are_redirecting==1}{
      HTTP::redirect "${proto}://abc123.com[HTTP::uri]"
   }
}

Or you could look for a completed SSL handshake with this: 


 From http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/aff/5/afv/topic/aft/1176419/afc/1200188/Default.aspx
when CLIENT_ACCEPTED { 

    Set a variable to track whether this is an HTTPS request 
   set proto "http"
} 
when CLIENTSSL_HANDSHAKE {
    There was a client side SSL handshake, so update the variable 
   set proto "https"
} 
when HTTP_REQUEST {
   if {$we_are_redirecting==1}{
      HTTP::redirect "${proto}://abc123.com[HTTP::uri]"
   }
}

Aaron