1 Reply

  • I'm certain you're obfuscating the iRule for forum consumption, but your 301 redirect is going to an HTTP URL (not HTTPS). So assuming you mean "https://efd.phx.xyz..." then consider this:

    when HTTP_REQUEST {
        if { [HTTP::host] equals "abc.xyz.dev" } {
            HTTP::respond 302 Location "https://efd.phx.xyz.dev/plm/emxLogin.jsp"
        }
    }
    

    So on first request to http://abc.xyz.dev, the user is redirected to https://efd.phx.xyz.dev/plm/emxLogin.jsp, and an HTML page is rendered. Inside that page are reference URLs to various other objects, perhaps JavaScript files, CSS, and images. Because you're not rewriting any of the content inside the HTML document, the URLs are probably something like this:

    http://abc.xyz.dev/images/my_cat.png
    

    So when the browser makes a request for http://abc.xyz.dev/images/my_cat.png, the first condition is triggered (Host header equals "abc.xyz.dev") and redirects the user to the emxLogin.jsp page behind the HTTPS VIP. Not what you want.

    So let's try this:

    when HTTP_REQUEST {
        if { [HTTP::host] equals "abc.xyz.dev" } {
            if { [HTTP::uri] equals "/" } {
                HTTP::respond 302 Location "https://efd.phx.xyz.dev/plm/emxLogin.jsp"
            } else {
                HTTP::respond 302 Location "https://efd.phx.xyz.dev[HTTP::uri]"
            }
        }
    }
    

    In this case, if the original URI is blank (or "/") redirect to the emxLogin.jsp page under the HTTPS URL. Otherwise, redirect to the HTTPS URL and maintain the request path. Example:

    https://efd.phx.xyz.dev/images/my_cat.png
    

    I would also make one more observation. If you're doing a simple HTTP-to-HTTPS redirect for an application that 1) is listening on HTTP behind the proxy, 2) doesn't know or understand that SSL is being offloaded somewhere else, and 3) is presenting "http://" resource links in the HTML content, then you could be losing some performance as the client must make at least TWO requests for each object: an HTTP request, receives a redirect, and then an HTTPS request. To solve this you could use a STREAM profile and iRule to rewrite all of the http:// references to https:// on the way to the client.
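
The STREAM-profile rewrite suggested at the end of the reply, as an added example that is not part of the original post. It assumes a stream profile is attached to the HTTPS virtual server, that the application's absolute links use the `http://abc.xyz.dev` host from the thread, and that they should point at `https://efd.phx.xyz.dev`.

```tcl
# Added example (not from the original post). Attach to the HTTPS virtual
# server that fronts the application, together with a stream profile.
# Assumption: absolute links in the content use http://abc.xyz.dev.

when HTTP_REQUEST {
    # Keep the stream filter off by default so request bodies are never rewritten.
    STREAM::disable

    # Ask the server for uncompressed responses; the stream filter cannot
    # match strings inside gzip/deflate-encoded bodies.
    HTTP::header remove "Accept-Encoding"
}

when HTTP_RESPONSE {
    # A redirect issued by the application may still name the HTTP site.
    # Rewrite it here so the client is not bounced through port 80 first.
    if { [HTTP::is_redirect] && [HTTP::header exists "Location"] } {
        set loc [HTTP::header value "Location"]
        HTTP::header replace "Location" \
            [string map -nocase {http://abc.xyz.dev https://efd.phx.xyz.dev} $loc]
    }

    # Rewrite absolute links only in textual bodies (HTML, CSS, JavaScript).
    # Images and other binary content pass through untouched.
    set ctype [string tolower [HTTP::header value "Content-Type"]]
    if { ($ctype starts_with "text/") || ($ctype contains "javascript") } {
        # Match only the application's own host instead of every "http://"
        # string, so links to third-party sites are left as the author wrote them.
        STREAM::expression {@http://abc.xyz.dev@https://efd.phx.xyz.dev@}
        STREAM::enable
    }
}
```

The port-80 redirect iRule from the reply stays in place for clients that type or bookmark the HTTP URL; this rule only removes the extra round trip for links embedded in pages already served over HTTPS.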