Endless Redirction Loop

Question

Hi DC,&nbsp;
One VIP configured on port 80 and now we want to use on port 443. So when I created VIP on 443 and added redirection irule for VIP:80. But when I am trying to access the https://abc.expert.com it is giving endless redirection loop but it is working good on port 80.&nbsp;
Any suggestons please.&nbsp;

cjunior · Answer

Could you share your configuration for vs and irule used? &nbsp;
Regards&nbsp;

vishnugatla · Answer

ltm virtual Dev.vs {
    destination 20.12.145.52:http
    ip-protocol tcp
    mask 255.255.255.255
    pool Dev.vs
    profiles {
        http { }
        tcp-lan-optimized { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 287
}&nbsp;

vishnugatla · Answer

ltm pool Dev.vs {
    members {
        abc:http {
            address x.x.x.x
            session monitor-enabled
            state up
        }
        def:http {
            address y.y.y.y
            session monitor-enabled
            state up
        }
    }
    monitor min 1 of { http gateway_icmp tcp }
}&nbsp;

vishnugatla · Answer

for 443 config I am not added the pool but if I add the pool, it is giving endless loop
ltm virtual Dev.443 {
    destination x.x.x.x:https
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        abc.wildcard {
            context clientside
        }
        http { }
        tcp-lan-optimized { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 286
}&nbsp;

cjunior · Answer

It looks like you are in this scenario:
1: Client request VS:80  
2. VS:80 send redirect to VS:443  
3. VS:443 does SSL offload and send clear traffic to a pool member  
4. Pool member send clear traffic redirect to http://abc.expert.com, and it start the loop.

So, you may need to rewrite the pool member response to https traffic, like this:
when HTTP_REQUEST {
    STREAM::disable
    set host [getfield [HTTP::host] ":" 1]
}
when HTTP_RESPONSE {
    if { [HTTP::header value Content-Type] contains "html" } {
        STREAM::expression "@http://$host@https://$host@"
        STREAM::enable
    }
    if { [HTTP::is_redirect] &amp;&amp; [string tolower [HTTP::header Location]] starts_with "http://$host"} {
        HTTP::header replace Location [string map -nocase "http://$host https://$host" [HTTP::header Location]]
    }
}

Here in DC have many examples that you can use 🙂  
Regards.

Forum Discussion

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

IPv8 Would Fix My Routing Tables. It Will Never Ship.

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6

syslog over tcp and define management IP as source

VIP control across data centers - how to ensure only 1 VIP is up at a time?

migrate from serie I to R. Cluster LTM-GTM

CPU/vCPU sizing on rseries

Related Content

loop for iCall

Nested Loop for IRules Redirects

New to F5 - Cannot connect to Login page via browser - Time elasped looping around

Infrastructure 2.0: The Feedback Loop Must Include Applications

Irule redirction default sys_https_redirection