help on irule redirect

So you're using ASM and getting blocked because the / URI isn't defined in the policy? Out of curiosity, why don't you want to define / as an allowed URL in the ASM policy?

 

 

I thought the redirect in HTTP_REQUEST would prevent ASM from validating the request. With the iRule enabled, do you see the / request being blocked in the ASM forensics?

 

 

By the way, testing this from the command line wouldn't have any impact on the state of the box. It's functionally equivalent to testing to the virtual server from a browser.

 

 

Aaron

Hi Rhino,

Try adding a check of the URI so you only redirect / to /hello. Also the host header won't have the protocol in it.

when HTTP_REQUEST
{
if { [string tolower [HTTP::host]] eq "aaa.com" and [HTTP::path] eq "/"} { HTTP::redirect https://aaa.com/hello }
}

Aaron

hello hoolio

 

 

thanks for the reply freaking fast :)

 

 

i copied your solution and changed the host and uri but im still getting kicked by policy to default page

 

 

from log:

 

Requested URL [HTTPS] /

 

 

 

any thoughts ?

What do you mean by "by policy to the default page"? Can you try testing with curl from the LTM command line to the virtual server and reply with the output?

 

 

For http

 

curl -v http://1.1.1.1/

 

 

For https

 

curl -vk https://1.1.1.1/

 

 

Aaron

erm i wrote i am a noob should have written N000B :)

 

 

i dont realy have experience with CLI and i know this machine is acting up so id rather not do anything in CLI

 

but the situation is:

 

 

i have a virtual server up and running policy configured in blocking and i have made a custom block page .

 

 

the application on the server is listens to https://aaa.com/hello

 

my allowed urls are relative to the above URL

 

 

all i really need is to redirect traffic comming from https://aaa.com to https://aaa.com/hello

 

without opening / in the url policy list

 

 

hope i explained clearly

yes hoolio after adding the rule / still got blocked.

 

 

following your last post i added / to the allow list

 

trying https://aaa.com i got to the servers iis page with the url pointing to https://aaa.com/wellcome.png

 

using http watch i could not see a redirect to https://aaa.com/hello

 

 

this post got kinda messy and a 2 way only conversation hope folks reading this are not bored :P

Can you try adding some debug logging and reply back with the logs? You can check for the output under /var/log/ltm or in the GUI under System | Logs | Local Traffic. If you put the logs in [ code ] [/ code ] tags (without the spaces) the event names in the logs will be preserved.

 

 

when HTTP_REQUEST {
log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri]"
if { [string tolower [HTTP::host]] eq "aaa.com" and [HTTP::path] eq "/"} {
log local0. "[IP::client_addr]:[TCP::client_port]: Redirecting to https://aaa.com/hello"
HTTP::redirect https://aaa.com/hello
}
}
when HTTP_CLASS_SELECTED {
log local0. "[IP::client_addr]:[TCP::client_port]: Matched [HTTP::class]"
}

 

 

Aaron

getting error when saving the rule

 

bigip 10.2.1

 

 

01070151:3: Rule [fotoweb_redirect] error: line 8: [unknown event (HTTP_CLASS_MATCHED)] [when HTTP_CLASS_MATCHED { log local0. "[IP::client_addr]:[TCP::client_port]: Matched [HTTP::class]" }]

 

Sorry, that should have been HTTP_CLASS_SELECTED instead of HTTP_CLASS_MATCHED. I updated the example above.

 

 

Aaron

after the fix :

 

rule is correct but i am still getting the IIS main page with no redirect

 

under local traffic log there are only events regarding downed pools and non related notices nothing that contains the string aaa.com

 

checked it through the GUI and var/log/ltm