Forum Discussion

22 Replies

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Mar 25, 2015

    Good luck 😉

    when HTTP_REQUEST {
  switch [string tolower [HTTP::host][HTTP::path]] {
    "abc.com/xyz" -
    "abc.com/example1" -
    "abc.com/example2" {
      return
       do nothing
    }
    default {
      HTTP::respond 302 location "https://[HTTP::host][HTTP::uri]"
      event disable
       prevent a possibility of multiple redirect invocations (not needed, if it's your only iRule attached to the VS)
      TCP::close
       remove the TCP connection record from the connections table. Needed for some browsers, because if the connections record remains, the same redirect will not work the second time in a different tab.
    }
  }
}
    • Hannes_Rapp's avatar
      Hannes_Rapp
      Icon for Nimbostratus rankNimbostratus
      Mar 25, 2015
      In this case you would want to use the priority function. Add the code "priority 10" (without quotes) to the beginning of the iRule (1st Line). This will ensure the HTTPS redirect iRule is processed before your secondary iRule. Might want to share your other iRule? We should make sure no important functionality loss will occur. Edit: - Also please share your exact request page when testing (e.g. http://abc.com/xyz) - Does the back-end server (pool member) serve more than one vHost via the same VS? I need to know if "abc.com" is the only host served, or are there more?
  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Mar 25, 2015

    A single iRule on your port 80 Virtual Server will do. Remove everything else, except:

    when HTTP_REQUEST {

  if { (([HTTP::host] == "oservices.bahrain.bh") && ([string tolower[HTTP::path]] == "/pubportal/insurancedetailsuploadws/services/insuranceuploadimpl")) }{
    return
    log local0. "Client: [IP::client_addr]: Requested [HTTP::host][HTTP::uri]. HTTPS redirect omitted"
  } else {
    HTTP::respond 302 location "https://[HTTP::host][HTTP::uri]"
    log local0. "Client: [IP::client_addr]: Requested [HTTP::host][HTTP::uri]. Redirected to HTTPS"
    TCP::close
  }
}

    Good luck! PS: Try my iRule with skepticism and preferably do it during a non-peak hour (or during a maintenance window)!

    • Hannes_Rapp's avatar
      Hannes_Rapp
      Icon for Nimbostratus rankNimbostratus
      Mar 25, 2015
      For Further Troubleshooting: In case you're still in the same situation as before, you should make sure the back-end server is not responding back with a redirect which includes reference to HTTP protocol, instead of HTTPS. All server-side hard-coded HTTP protocol redirects are to be adjusted for a migration to HTTPS. From your side, you can verify the redirects. On an UNIX/Linux machine use the cURL program. On a Windows Machine use your web-browser: Firebug AddOn for Mozilla Firefox, or DevTools for Chrome: * Issue a command: "curl -vI http://oservices.bahrain.bh" - This should be redirected to HTTPS. In the response headers section you're expecting to see: Location : https://oservices.bahrain.bh Server : BigIP If so, you will know the F5 iRule does it's job. Now make a second cURL request to track down where https://oservices.bahrain.bh is redirected - does the back-end server redirect to another plain HTTP page?
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Icon for Nacreous rankNacreous
    Mar 25, 2015

    A single iRule on your port 80 Virtual Server will do. Remove everything else, except:

    when HTTP_REQUEST {

  if { (([HTTP::host] == "oservices.bahrain.bh") && ([string tolower[HTTP::path]] == "/pubportal/insurancedetailsuploadws/services/insuranceuploadimpl")) }{
    return
    log local0. "Client: [IP::client_addr]: Requested [HTTP::host][HTTP::uri]. HTTPS redirect omitted"
  } else {
    HTTP::respond 302 location "https://[HTTP::host][HTTP::uri]"
    log local0. "Client: [IP::client_addr]: Requested [HTTP::host][HTTP::uri]. Redirected to HTTPS"
    TCP::close
  }
}

    Good luck! PS: Try my iRule with skepticism and preferably do it during a non-peak hour (or during a maintenance window)!

    • Hannes_Rapp_162's avatar
      Hannes_Rapp_162
      Icon for Nacreous rankNacreous
      Mar 25, 2015
      For Further Troubleshooting: In case you're still in the same situation as before, you should make sure the back-end server is not responding back with a redirect which includes reference to HTTP protocol, instead of HTTPS. All server-side hard-coded HTTP protocol redirects are to be adjusted for a migration to HTTPS. From your side, you can verify the redirects. On an UNIX/Linux machine use the cURL program. On a Windows Machine use your web-browser: Firebug AddOn for Mozilla Firefox, or DevTools for Chrome: * Issue a command: "curl -vI http://oservices.bahrain.bh" - This should be redirected to HTTPS. In the response headers section you're expecting to see: Location : https://oservices.bahrain.bh Server : BigIP If so, you will know the F5 iRule does it's job. Now make a second cURL request to track down where https://oservices.bahrain.bh is redirected - does the back-end server redirect to another plain HTTP page?
    • Hannes_Rapp's avatar
      Hannes_Rapp
      Icon for Nimbostratus rankNimbostratus
      Apr 07, 2015
      cURL outputs or anything to show where you're at? We need to make it clear if the problem is at end-server or F5 iRule.