Forum Discussion
Bob_10976
Jul 11, 2011Nimbostratus
Help with HTTP redirect in ALL directions
Hello all,
We have been using the standard HTTP redirect irule, (posted below) that comes with our LTM, ver 10.2.0, for sometime now. However I'm being told now that this not only needs to be applied to incoming traffic, but internal traffic coming from the server as well. Basically I need the HTTP redirect iRule to work for all directions no matter where the request is coming from.
Currently we setup two VIPs, one http and the other https. The LTM acts as the SSL offload for a few Apps, the traffic on the backend to the server is done over http. We simply use the http redirect to https.
Should I simply apply this iRule to my https VIP as well or is there a better way to redirect internal traffic to use HTTPS?
when HTTP_REQUEST {
if { [HTTP::host] equals "" } {
reject
}
}
Thanks,
Bob
- hoolioCirrostratusHi Bob,
when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }
when HTTP_REQUEST { HTTP::redirect "https://www.example.com[HTTP::uri]" }
- Colin_Walker_12Historic F5 AccountSo two things:
- Bob_10976NimbostratusSorry..posted the wrong iRule, here is the correct one..
when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] }
- Colin_Walker_12Historic F5 AccountOkay, that makes more sense. :)
- Bob_10976NimbostratusOk..we found our issue, it actually turned out to be a jquery file that was only effecting older browsers, (IE7). Basically what was happening was that the end users were being prompted to display non secure content and my dev thought because the Content Location in the header referred back to the http address and not the https address that was the issue. However I pretty much ruled that out by applying the rule below. The Content Location in the header is optional so it doesn't adverserly affect anything by removing it, but what I'd like to do is setup a rule that if the content header says http to be redirected to use https. Any thoughts on that?
when HTTP_RESPONSE { if { [HTTP::header exists "Content-Location"] } { HTTP::header remove "Content-Location" } }
- Michael_YatesNimbostratusYou could use something like this (you might just be able to remove the "[HTTP::is_redirect] and " portion and test it to see if it fixes that issue:
when HTTP_RESPONSE { if { [ HTTP::is_redirect] and [URI::protocol [HTTP::header "Location" ]] eq "http" } { set path [findstr [HTTP::header "Location" ] "//" 2 ] HTTP::header replace "Location" "https://$path" } }
- Colin_Walker_12Historic F5 AccountAhh, so you don't actually want an outbound redirect, what you want is a header rewrite on the response. That makes more sense.
when HTTP_RESPONSE { if {[HTTP::header exists "Content-Location"] } { HTTP::header replace "Content-Location" [string map {http://yourdomain https://yourdomain} [HTTP::header "Content-Location"]] } }
- Bob_10976NimbostratusThanks!!
- Michael_YatesNimbostratusTry the example I posted but edit the first line to this:
if { [URI::protocol [HTTP::header "Location" ]] eq "http" } {
- Kevin_Davies_40Nacreouswhen HTTP_RESPONSE {
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects