Endless Redirction Loop

Question

Hi DC,&nbsp;
One VIP configured on port 80 and now we want to use on port 443. So when I created VIP on 443 and added redirection irule for VIP:80. But when I am trying to access the https://abc.expert.com it is giving endless redirection loop but it is working good on port 80.&nbsp;
Any suggestons please.&nbsp;

cjunior · Answer

Could you share your configuration for vs and irule used? &nbsp;
Regards&nbsp;

f51 · Answer

ltm virtual Dev.vs {
    destination 20.12.145.52:http
    ip-protocol tcp
    mask 255.255.255.255
    pool Dev.vs
    profiles {
        http { }
        tcp-lan-optimized { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 287
}&nbsp;

f51 · Answer

ltm pool Dev.vs {
    members {
        abc:http {
            address x.x.x.x
            session monitor-enabled
            state up
        }
        def:http {
            address y.y.y.y
            session monitor-enabled
            state up
        }
    }
    monitor min 1 of { http gateway_icmp tcp }
}&nbsp;

f51 · Answer

for 443 config I am not added the pool but if I add the pool, it is giving endless loop
ltm virtual Dev.443 {
    destination x.x.x.x:https
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        abc.wildcard {
            context clientside
        }
        http { }
        tcp-lan-optimized { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 286
}&nbsp;

cjunior · Answer

It looks like you are in this scenario:
1: Client request VS:80  
2. VS:80 send redirect to VS:443  
3. VS:443 does SSL offload and send clear traffic to a pool member  
4. Pool member send clear traffic redirect to http://abc.expert.com, and it start the loop.

So, you may need to rewrite the pool member response to https traffic, like this:
when HTTP_REQUEST {
    STREAM::disable
    set host [getfield [HTTP::host] ":" 1]
}
when HTTP_RESPONSE {
    if { [HTTP::header value Content-Type] contains "html" } {
        STREAM::expression "@http://$host@https://$host@"
        STREAM::enable
    }
    if { [HTTP::is_redirect] &amp;&amp; [string tolower [HTTP::header Location]] starts_with "http://$host"} {
        HTTP::header replace Location [string map -nocase "http://$host https://$host" [HTTP::header Location]]
    }
}

Here in DC have many examples that you can use 🙂  
Regards.

Forum Discussion

Endless Redirction Loop

Recent Discussions

How to Renew F5 Device Certificate

SNI Sites not taking correct certificate.

irule to enable http/2 acceleration

Service discovery is not happening in AS3

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Related Content

loop for iCall

Nested Loop for IRules Redirects

Loop in redirect

New to F5 - Cannot connect to Login page via browser - Time elasped looping around

Irule redirction default sys_https_redirection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS