HTTP Redirects

This is what I came up with so far...

 

 

when HTTP_REQUEST {

 

if {[HTTP::host] matches "https://qa.ipcws.fiserv.com"}

 

HTTP::redirect "https://qa.ipcws.fiserv.com/cws.web/Login.aspx"

 

}

 

 

But I receive this error when attempting to save the iRule

 

01070151:3: Rule [qa.ipcws.fiserv.com-redirect] error:

 

line 2: [parse error: PARSE syntax 37 {syntax error in expression "[HTTP::host] matches "https://qa.ipcws.fiserv.com"": extra tokens at end of expression}] [{[HTTP::host] matches "https://qa.ipcws.fiserv.com"}]

 

line 2: [missing a script after "if"] []

I believe this did the trick for my VS listening on 443 when HTTP_REQUEST { if { [string tolower [HTTP::host]] equals "www.qa.ipcws.fiserv.com" } { HTTP::redirect "https://qa.ipcws.fiserv.com/cws.web/Login.aspx" } if { [string tolower [HTTP::host]] equals "qa.ipcws.fiserv.com" } { HTTP::redirect "https://qa.ipcws.fiserv.com/cws.web/Login.aspx" } } I then created a second VS listening on port 80 and configured this iRule when HTTP_REQUEST { if { [TCP::local_port] == 80 }{ HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" } }

Upon further testing this does not work...Any help would be greatly appreciated!

Hi Eric,

If you want to redirect all of the HTTP requests to HTTPS preserving the URI, you can use the HTTP::redirect rule you posted. You could leave off the check for the port being 80 as all requests to the HTTP VS would be on port 80:

HTTP_REQUEST {
   HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
}

For the HTTPS VS, you can use an iRule like this to check the Host header value:

when HTTP_REQUEST {

    Check the requested host set to lowercase
   switch [string tolower [HTTP::host]] {
      "www.qa.ipcws.fiserv.com" -
      "qa.ipcws.fiserv.com" {
          Matched the host check, send a 301 with the new location
         HTTP::respond 301 Location "https://qa.ipcws.fiserv.com/cws.web/Login.aspx"
      }
      default {
          Take some default action?
      }
   }
}

Aaron

I removed the iRule from the HTTPS VS deleted the iRule, recreated the iRule with a different, and applied the iRule to the VS. However, the redirect is not working when I navigate to https://www.qa.ipcws.fiserv.com/. I am I missing any thing?

Thanks! I just tested the HTTP to HTTPS redirect and that is functioning...Still trying to get the redirect from www.qa.ipcws.fiserv.com to qa.ipcws.fiserv.com to work.

I just captured the traffic in Wireshark to determine if the Redirect was occurring. I did not see the redirect, but it could be due to the encrypted packets.

I am currently running version 9.4.8. I check to see if there were any known issues, but I could not find any.

Can you try using a browser plugin to view the unencrypted HTTP requests and responses? You can use HttpFox for Firefox or Fiddler for IE.

I think you'll find that you're getting a redirect loop because requests to any URI for https://qa.ipcws.fiserv.com are being redirected to https://qa.ipcws.fiserv.com/cws.web/Login.aspx. One way to fix this is by redirecting all requests for www.qa.ipcws.fiserv.com to qa.ipcws.fiserv.com and only requests for qa.ipcws.fiserv.com and / to the login page:

when HTTP_REQUEST {

   log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri]"

    Check the requested host set to lowercase
   switch [string tolower [HTTP::host]] {
      "www.qa.ipcws.fiserv.com" {
          Matched the host check, send a 301 with the new location
         log local0. "[IP::client_addr]:[TCP::client_port]: Matched www.qa.ipcws.fiserv.com, redirecting to login page"
         HTTP::respond 301 Location "https://qa.ipcws.fiserv.com/cws.web/Login.aspx"
      }
      "qa.ipcws.fiserv.com" {
          Matched the host check, send a 301 with the new location for requests to /
 if {[HTTP::uri] eq "/"}{
            log local0. "[IP::client_addr]:[TCP::client_port]: Matched qa.ipcws.fiserv.com and /, redirecting to login page"
            HTTP::respond 301 Location "https://qa.ipcws.fiserv.com/cws.web/Login.aspx"
 }
      }
      default {
          Take some default action?
         log local0. "[IP::client_addr]:[TCP::client_port]: No match, doing nothing"
      }
   }
}

Aaron

So, it appears that the redirect is happening...but it is happening AFTER the SSL handshake. So users are presented the SSL certificate error and then if you click continue, the redirect occurs and the correct page is displayed. Is there a way to get the redirect to occur before the SSL handshake so the users are not presented with the SSL name mismatch?