Don't redirect to SSL if URI exists

Question

I'm trying to create an irule that will redirect:&nbsp;
&nbsp;http://www.mysite.com to https://www.mysite.com&nbsp;
&nbsp;however, if someone goes to http://www.mysite.com/training&nbsp;
&nbsp;I don't want it to redirect.&nbsp;
&nbsp;I've tried several irules to do this, as well as http class profiles, but can't seem to accomplish it.&nbsp;
&nbsp;Any ideas? I'm open to either an irule or http class profile

hoolio · Answer

Hi,
Something like this?
when HTTP_REQUEST {
    Check if requested path isn't /training
   if {not ([HTTP::path] eq /training)}{
       Redirect request to the same host/uri, but via HTTPS
      HTTP::redirect https://[HTTP::host][HTTP::uri]
   }
}
Also, if you use your email address as your login, you're email address will appear in search engine results and is susceptible to spam.
Aaron

scottl_82413 · Answer

Thanks for the reply...still not working...it still redirects to https://www.mysite.com/training&nbsp;
&nbsp;I think I needed to add quotes to the /training, because I got an error without them&nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp;   Check if requested path isn't /training
&nbsp;  if {not ([HTTP::path] eq "/training")}{
&nbsp;      Redirect request to the same host/uri, but via HTTPS
&nbsp;     HTTP::redirect https://[HTTP::host][HTTP::uri]
&nbsp;  }
&nbsp;}&nbsp;
&nbsp;Also thanks for the heads up on the email. I didn't realize it used my login for the posting name until after I'd posted, and didn't see any way to change it.

hoolio · Answer

Sorry...typing faster than thinking.  You do need quotes for the comparison.
Can you log the URI before testing if it's literally "/training"?  I would imagine that either the client is requesting a mixed case of training, the URI is longer than just "/training", the URI is fully qualified with the hostname, or the app itself is sending the redirect.
Here is a version with additional logging to /var/log/ltm:
when HTTP_REQUEST {
   log local0. "Client [IP::client_addr] requested [HTTP::host][HTTP::uri]"
    Check if requested path isn't /training
   if {not ([HTTP::path] eq "/training")}{
      log local0. "Redirecting client [IP::client_addr] from [HTTP::path] to [HTTP::host][HTTP::uri]"
       Redirect request to the same host/uri, but via HTTPS
      HTTP::redirect https://[HTTP::host][HTTP::uri]
   }
}
Aaron

scottl_82413 · Answer

Here's what the logs show:&nbsp;
&nbsp;Feb  7 12:33:29 tmm tmm[1656]: Rule ssl_redirect : Client x.x.x.x requested www.mysite.com/training
&nbsp;Feb  7 12:33:30 tmm tmm[1656]: Rule ssl_redirect : Client x.x.x.x requested www.mysite.com/training/
&nbsp;Feb  7 12:33:30 tmm tmm[1656]: Rule ssl_redirect : Redirecting client x.x.x.x from /training/ to www.mysite.com/training/&nbsp;
&nbsp;Now, I'm pretty confident that the app isn't doing the redirect, because if I turn off this irule the redirect doesn't happen.

hoolio · Answer

It sounds like you want to allow HTTP access to any URI starting with /training, not just equal to /training.  Can you try this version?
when HTTP_REQUEST {
   log local0. "Client [IP::client_addr] requested [HTTP::host][HTTP::uri]"
    Check if requested path doesn't start with /training
   if {not ([HTTP::path] starts_with "/training")}{
      log local0. "Redirecting client [IP::client_addr] from [HTTP::path] to [HTTP::host][HTTP::uri]"
       Redirect request to the same host/uri, but via HTTPS
      HTTP::redirect https://[HTTP::host][HTTP::uri]
   }
}
Aaron

Forum Discussion

Don't redirect to SSL if URI exists

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

(HTTP) Redirection via Arbitrary Host Header

SFTP file existence monitor

Anchor Link Redirect

Rewriting Redirects

Add LTM to existing HA pair

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS