Dears, I am facing an issue with iRules i have created below iRule when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":"][HTTP::uri] } to redirect from http://abc.com to https://abc.com now i need to Exclude some URLs like http://abc.com/xyz http://abc.com/example1 http://abc.com/example2

Good luck 😉 when HTTP_REQUEST { switch [string tolower [HTTP::host][HTTP::path]] { "abc.com/xyz" - "abc.com/example1" - "abc.com/example2" { return do nothing } default { HTTP::respond 302 location "https://[HTTP::host][HTTP::uri]" event disable prevent a possibility of multiple redirect invocations (not needed, if it's your only iRule attached to the VS) TCP::close remove the TCP connection record from the connections table. Needed for some browsers, because if the connections record remains, the same redirect will not work the second time in a different tab. } } }

In this case you would want to use the priority function. Add the code "priority 10" (without quotes) to the beginning of the iRule (1st Line). This will ensure the HTTPS redirect iRule is processed before your secondary iRule. Might want to share your other iRule? We should make sure no important functionality loss will occur. Edit: - Also please share your exact request page when testing (e.g. http://abc.com/xyz) - Does the back-end server (pool member) serve more than one vHost via the same VS? I need to know if "abc.com" is the only host served, or are there more?

Http to Https except specific URLs

22 Replies

Hannes_Rapp
Nimbostratus
Apr 08, 2015
Hi Ahmad, I've modified the iRule a bit, this should work across all v11.x versions.

when HTTP_REQUEST { if { ([HTTP::host] equals "oservices.bahrain.bh") && ( [string tolower [HTTP::path]] equals "/pubportal/insurancedetailsuploadws/services/insuranceuploadimpl" ) }{ log local0. "Client: [IP::client_addr]: Requested [HTTP::host][HTTP::uri]. HTTPS redirect omitted" } else { HTTP::respond 302 location "https://[HTTP::host][HTTP::uri]" log local0. "Client: [IP::client_addr]: Requested [HTTP::host][HTTP::uri]. Redirected to HTTPS" TCP::close } }

Test with logging enabled: "curl -vI oservices.bahrain.bh/pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl"

Apr 8 12:26:18 bigip1 info tmm1[12385]: Rule /Common/asd : Client: xx.xx.xx.xx: Requested oservices.bahrain.bh/pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl. HTTPS redirect omitted
- Hannes_Rapp
  Nimbostratus
  Apr 08, 2015
  Have taken a look at the response header - it appears that something in between modifies the request path and the "/pubportal" substring is eaten up, before the request is even routed to F5 BigIP. Do you have another proxy in between your desktop(test machine) and the F5 BigIP? < location: https://oservices.bahrain.bh/InsuranceDetailsUploadWS/services/InsuranceUploadImpl As a workaround in F5, you can further modify the iRule and replace the conditional IF statement with: if { ([HTTP::host] equals "oservices.bahrain.bh") && ( [string tolower [HTTP::path]] contains "/insurancedetailsuploadws/services/insuranceuploadimpl" ) }{
- nitass
  Employee
  Apr 12, 2015
  doesn't it already work? i do see the response is not redirection.
Hannes_Rapp_162
Nacreous
Apr 08, 2015
Hi Ahmad, I've modified the iRule a bit, this should work across all v11.x versions.

when HTTP_REQUEST { if { ([HTTP::host] equals "oservices.bahrain.bh") && ( [string tolower [HTTP::path]] equals "/pubportal/insurancedetailsuploadws/services/insuranceuploadimpl" ) }{ log local0. "Client: [IP::client_addr]: Requested [HTTP::host][HTTP::uri]. HTTPS redirect omitted" } else { HTTP::respond 302 location "https://[HTTP::host][HTTP::uri]" log local0. "Client: [IP::client_addr]: Requested [HTTP::host][HTTP::uri]. Redirected to HTTPS" TCP::close } }

Test with logging enabled: "curl -vI oservices.bahrain.bh/pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl"

Apr 8 12:26:18 bigip1 info tmm1[12385]: Rule /Common/asd : Client: xx.xx.xx.xx: Requested oservices.bahrain.bh/pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl. HTTPS redirect omitted
- Hannes_Rapp_162
  Nacreous
  Apr 08, 2015
  Have taken a look at the response header - it appears that something in between modifies the request path and the "/pubportal" substring is eaten up, before the request is even routed to F5 BigIP. Do you have another proxy in between your desktop(test machine) and the F5 BigIP? < location: https://oservices.bahrain.bh/InsuranceDetailsUploadWS/services/InsuranceUploadImpl As a workaround in F5, you can further modify the iRule and replace the conditional IF statement with: if { ([HTTP::host] equals "oservices.bahrain.bh") && ( [string tolower [HTTP::path]] contains "/insurancedetailsuploadws/services/insuranceuploadimpl" ) }{
- nitass
  Employee
  Apr 12, 2015
  doesn't it already work? i do see the response is not redirection.

nitass_89166

Noctilucent

Apr 23, 2015

can you please tell me if i want to exclude another URLs how the iRule will be?

e.g.

 irule

[root@ve11c:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::host][HTTP::uri]] {
    "oservices.bahrain.bh/pubportal/insurancedetailsuploadws/services/insuranceuploadimpl*" -
    "something.domain.com/*" -
    "somethingelse.somedomain.com/*" {
       Do nothing
    }
    default {
      HTTP::respond 302 location "https://[HTTP::host][HTTP::uri]"
    }
  }
}
}

 test

[root@ve11c:Active:In Sync] config  curl -I http://oservices.bahrain.bh/pubportal/insurancedetailsuploadws/services/insuranceuploadimpl/something
HTTP/1.1 404 Not Found
Date: Thu, 23 Apr 2015 14:03:31 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 09 Feb 2014 08:39:51 GMT
ETag: "41879c-59-2a9c23c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8

[root@ve11c:Active:In Sync] config  curl -I http://oservices.bahrain.bh/something
HTTP/1.0 302 Found
location: https://oservices.bahrain.bh/something
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11c:Active:In Sync] config  curl -I http://www.domain.com
HTTP/1.0 302 Found
location: https://www.domain.com/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11c:Active:In Sync] config  curl -I http://www.domain.com/something
HTTP/1.0 302 Found
location: https://www.domain.com/something
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

nitass_89166
Noctilucent
May 02, 2015
what do you mean?

nitass

Employee

Apr 23, 2015

can you please tell me if i want to exclude another URLs how the iRule will be?

e.g.

 irule

[root@ve11c:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::host][HTTP::uri]] {
    "oservices.bahrain.bh/pubportal/insurancedetailsuploadws/services/insuranceuploadimpl*" -
    "something.domain.com/*" -
    "somethingelse.somedomain.com/*" {
       Do nothing
    }
    default {
      HTTP::respond 302 location "https://[HTTP::host][HTTP::uri]"
    }
  }
}
}

 test

[root@ve11c:Active:In Sync] config  curl -I http://oservices.bahrain.bh/pubportal/insurancedetailsuploadws/services/insuranceuploadimpl/something
HTTP/1.1 404 Not Found
Date: Thu, 23 Apr 2015 14:03:31 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 09 Feb 2014 08:39:51 GMT
ETag: "41879c-59-2a9c23c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8

[root@ve11c:Active:In Sync] config  curl -I http://oservices.bahrain.bh/something
HTTP/1.0 302 Found
location: https://oservices.bahrain.bh/something
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11c:Active:In Sync] config  curl -I http://www.domain.com
HTTP/1.0 302 Found
location: https://www.domain.com/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11c:Active:In Sync] config  curl -I http://www.domain.com/something
HTTP/1.0 302 Found
location: https://www.domain.com/something
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

nitass
Employee
May 02, 2015
what do you mean?

Forum Discussion

Http to Https except specific URLs

22 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Related Content

F5 HTTPS Redirect 2025

APM-Specific Features for Securing Your Website

The State Of HTTP/2 With F5 LTM

HTTP Monitor cURL GET With Host Specific Headers

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS