Forum Discussion

Nitin_01_135506's avatar
Nitin_01_135506
Icon for Nimbostratus rankNimbostratus
May 05, 2014

HTTP-HTTPS redirect!!

I have an irule to redirect from HTTP to HTTPS & appending a string at the end & it works fine until then, after the user logs in, the images dont load with http.

 

when HTTP_REQUEST { if { [HTTP::host] equals "abc.xyz.dev" }{ HTTP::respond 301 Location "http://efd.phx.xyz.dev/plm/emxLogin.jsp" } }

 

1 Reply

  • I'm certain you're obfuscating the iRule for forum consumption, but your 301 redirect is going to an HTTP URL (not HTTPS). So assuming you mean "https://efd.phx.xyz..." then consider this:

    when HTTP_REQUEST {
        if { [HTTP::host] equals "abc.xyz.dev" } {
            HTTP::respond 302 Location "https://efd.phx.xyz.dev/plm/emxLogin.jsp"
        }
    }
    

    So on first request to http://abc.xyz.dev, the user is redirected to https://efd.phx.xyz.dev/plm/emxLogin.jsp, and an HTML page is rendered. Inside that page are reference URLs to various other objects, perhaps JavaScript files, CSS, and images. Because you're not rewriting any of the content inside the HTML document, the URLs are probably something like this:

    http://http://abc.xyz.dev/images/my_cat.png
    

    So when the browser makes a request for http://http://abc.xyz.dev/images/my_cat.png, the first condition is triggered (Host header equals "abc.xyz.dev") and redirects the user to the emxLogin.jsp page behind the HTTPS VIP. Not what you want.

    So let's try this:

    when HTTP_REQUEST {
        if { [HTTP::host] equals "abc.xyz.dev" } {
            if { [HTTP::uri] equals "/" } {
                HTTP::respond 302 Location "https://efd.phx.xyz.dev/plm/emxLogin.jsp"
            } else {
                HTTP::respond 302 Location "https://efd.phx.xyz.dev[HTTP::uri]"
            }
        }
    }
    

    In this case, if the original URI is blank (or "/") redirect to the emxLogin.jsp page under the HTTPS URL. Otherwise, redirect to the HTTPS URL and maintain the request path. Example:

    https://efd.phx.xyz.dev/images/my_cat.png
    

    I would also make one more observation. If you're doing a simple HTTP-to-HTTPS redirect for an application that 1) is listening on HTTP behind the proxy, 2) doesn't know or understand that SSL is being offloaded somewhere else, and 3) is presenting "http://" resource links in the HTML content, then you could be losing some performance as the client must make at least TWO requests for each object: an HTTP request, receives a redirect, and then an HTTPS request. To solve this you could use a STREAM profile and iRule to rewrite all of the http:// references to https:// on the way to the client.