Forum Discussion
Ahmad_03_151082
Nimbostratus
NimbostratusHTTP to HTTPs exclude URLs
Hello
I am facing problem with my iRule which is redirect HTTP to HTTPs when HTTP_REQUEST { switch -glob [string tolower [HTTP::host][HTTP::uri]] { "xyz.com/pubportal/something" - "xyz.com/pubportal/anything" { Do nothing } default { HTTP::respond 302 location "https://[HTTP::host][HTTP::uri]" } } } this iRule to redirect http://xyz.com to https://xyz.com then it should exclude xyz.com/pubportal/something and xyz.com/pubportal/anything from this redirection but it doesnt work which meant the above iRule redirect everything to HTTPs. I have two virtual server HTTP and HTTPS Also i have created an iRule for pubportal on HTTP VS "/pubportal*" { HTTP::uri "[string range [HTTP::uri] 10 end]" }
I need a help!
36 Replies
Ahmad_03_151082I am facing problem with my iRule which is redirect HTTP to HTTPs when HTTP_REQUEST { switch -glob [string tolower [HTTP::host][HTTP::uri]] { "xyz.com/pubportal/something" - "xyz.com/pubportal/anything" { Do nothing } default { HTTP::respond 302 location "https://[HTTP::host][HTTP::uri]" } } } this iRule to redirect http://xyz.com to https://xyz.com then it should exclude xyz.com/pubportal/something and xyz.com/pubportal/anything from this redirection but it doesnt work which meant the above iRule redirect everything to HTTPs. I have two virtual server HTTP and HTTPS Also i have created an iRule for pubportal on HTTP VS "/pubportal*" { HTTP::uri "[string range [HTTP::uri] 10 end]" } I need a help!
Robert_Luechte1Try putting a log statement in before the switch statement so you can see the values you are using in the switch.
log local0. "HTTP Host and path is: [string tolower [HTTP::host][HTTP::uri]]"
Also, do you need to check the host portion? Do you have multiple domains that use this IP address?
- Ahmad_03_151082Hi robert no i donot have multiple domains yes i need to check the host portion I have applied the above i got the below result curl -I oservices.bahrain.bh HTTP/1.0 302 Found location: https://oservices.bahrain.bh/wps/portal Server: BigIP Connection: Keep-Alive Content-Length: 0 curl -I http://oservices.bahrain.bh/pubportal/WebServiceVehicleRegistration/services/Controller HTTP/1.0 302 Found location: https://oservices.bahrain.bh/WebServiceVehicleRegistration/services/Controller Server: BigIP Connection: Keep-Alive Content-Length: 0 curl -I oservices.bahrain.bh/pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl HTTP/1.0 302 Found location: https://oservices.bahrain.bh/InsuranceDetailsUploadWS/services/InsuranceUploadImpl Server: BigIP Connection: Keep-Alive Content-Length: 0 curl -vI http://oservices.bahrain.bh/pubportal/WebServiceVehicleRegistration/services/Controller * About to connect() to oservices.bahrain.bh port 80 (0) * Trying 192.168.214.6... connected * Connected to oservices.bahrain.bh (192.168.214.6) port 80 (0) > HEAD /pubportal/WebServiceVehicleRegistration/services/Controller HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.3 libidn/1.10 > Host: oservices.bahrain.bh > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 302 Found HTTP/1.0 302 Found < location: https://oservices.bahrain.bh/WebServiceVehicleRegistration/services/Controller location: https://oservices.bahrain.bh/WebServiceVehicleRegistration/services/Controller < Server: BigIP Server: BigIP * HTTP/1.0 connection set to keep alive! < Connection: Keep-Alive Connection: Keep-Alive < Content-Length: 0 Content-Length: 0 < * Connection 0 to host oservices.bahrain.bh left intact * Closing connection 0 curl -vI oservices.bahrain.bh/pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl * About to connect() to oservices.bahrain.bh port 80 (0) * Trying 192.168.214.6... connected * Connected to oservices.bahrain.bh (192.168.214.6) port 80 (0) > HEAD /pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.3 libidn/1.10 > Host: oservices.bahrain.bh > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 302 Found HTTP/1.0 302 Found < location: https://oservices.bahrain.bh/InsuranceDetailsUploadWS/services/InsuranceUploadImpl location: https://oservices.bahrain.bh/InsuranceDetailsUploadWS/services/InsuranceUploadImpl < Server: BigIP Server: BigIP * HTTP/1.0 connection set to keep alive! < Connection: Keep-Alive Connection: Keep-Alive < Content-Length: 0 Content-Length: 0 < * Connection 0 to host oservices.bahrain.bh left intact * Closing connection 0 curl -vI oservices.bahrain.bh * About to connect() to oservices.bahrain.bh port 80 (0) * Trying 192.168.214.6... connected * Connected to oservices.bahrain.bh (192.168.214.6) port 80 (0) > HEAD / HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.3 libidn/1.10 > Host: oservices.bahrain.bh > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 302 Found HTTP/1.0 302 Found < location: https://oservices.bahrain.bh/wps/portal location: https://oservices.bahrain.bh/wps/portal < Server: BigIP Server: BigIP * HTTP/1.0 connection set to keep alive! < Connection: Keep-Alive Connection: Keep-Alive < Content-Length: 0 Content-Length: 0 < * Connection 0 to host oservices.bahrain.bh left intact * Closing connection 0 vprwp:/usr/IBM/WebSphere/w
- Robert_Luechte1I'm still confused as to what you are trying to do. Are you saying that you want to do a HTTP to HTTPS redirect for everything except if the URI has the word /pubportal in it? Or are you looking for specific URLs that have /pubportal in them and choosing not to redirect those? Because I'm not sure what you are saying with /pubportal/something or /pubportal/anything. If you can clarify what you are doing it will help.
- Ahmad_03_151082let me explain it again I need to enable SSL on http://oservices.bahrain.bh to enablae SSL i applied the below iRule when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } Now I want to exclude the below URLs http://oservices.bahrain.bh/pubportal/WebServiceVehicleRegistration/services/Controller http://oservices.bahrain.bh/pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl
Robert_Luechte2Cirrus
Try putting a log statement in before the switch statement so you can see the values you are using in the switch.
log local0. "HTTP Host and path is: [string tolower [HTTP::host][HTTP::uri]]"
Also, do you need to check the host portion? Do you have multiple domains that use this IP address?
- Ahmad_03_151082Hi robert no i donot have multiple domains yes i need to check the host portion I have applied the above i got the below result curl -I oservices.bahrain.bh HTTP/1.0 302 Found location: https://oservices.bahrain.bh/wps/portal Server: BigIP Connection: Keep-Alive Content-Length: 0 curl -I http://oservices.bahrain.bh/pubportal/WebServiceVehicleRegistration/services/Controller HTTP/1.0 302 Found location: https://oservices.bahrain.bh/WebServiceVehicleRegistration/services/Controller Server: BigIP Connection: Keep-Alive Content-Length: 0 curl -I oservices.bahrain.bh/pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl HTTP/1.0 302 Found location: https://oservices.bahrain.bh/InsuranceDetailsUploadWS/services/InsuranceUploadImpl Server: BigIP Connection: Keep-Alive Content-Length: 0 curl -vI http://oservices.bahrain.bh/pubportal/WebServiceVehicleRegistration/services/Controller * About to connect() to oservices.bahrain.bh port 80 (0) * Trying 192.168.214.6... connected * Connected to oservices.bahrain.bh (192.168.214.6) port 80 (0) > HEAD /pubportal/WebServiceVehicleRegistration/services/Controller HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.3 libidn/1.10 > Host: oservices.bahrain.bh > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 302 Found HTTP/1.0 302 Found < location: https://oservices.bahrain.bh/WebServiceVehicleRegistration/services/Controller location: https://oservices.bahrain.bh/WebServiceVehicleRegistration/services/Controller < Server: BigIP Server: BigIP * HTTP/1.0 connection set to keep alive! < Connection: Keep-Alive Connection: Keep-Alive < Content-Length: 0 Content-Length: 0 < * Connection 0 to host oservices.bahrain.bh left intact * Closing connection 0 curl -vI oservices.bahrain.bh/pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl * About to connect() to oservices.bahrain.bh port 80 (0) * Trying 192.168.214.6... connected * Connected to oservices.bahrain.bh (192.168.214.6) port 80 (0) > HEAD /pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.3 libidn/1.10 > Host: oservices.bahrain.bh > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 302 Found HTTP/1.0 302 Found < location: https://oservices.bahrain.bh/InsuranceDetailsUploadWS/services/InsuranceUploadImpl location: https://oservices.bahrain.bh/InsuranceDetailsUploadWS/services/InsuranceUploadImpl < Server: BigIP Server: BigIP * HTTP/1.0 connection set to keep alive! < Connection: Keep-Alive Connection: Keep-Alive < Content-Length: 0 Content-Length: 0 < * Connection 0 to host oservices.bahrain.bh left intact * Closing connection 0 curl -vI oservices.bahrain.bh * About to connect() to oservices.bahrain.bh port 80 (0) * Trying 192.168.214.6... connected * Connected to oservices.bahrain.bh (192.168.214.6) port 80 (0) > HEAD / HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-suse-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8j zlib/1.2.3 libidn/1.10 > Host: oservices.bahrain.bh > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 302 Found HTTP/1.0 302 Found < location: https://oservices.bahrain.bh/wps/portal location: https://oservices.bahrain.bh/wps/portal < Server: BigIP Server: BigIP * HTTP/1.0 connection set to keep alive! < Connection: Keep-Alive Connection: Keep-Alive < Content-Length: 0 Content-Length: 0 < * Connection 0 to host oservices.bahrain.bh left intact * Closing connection 0 vprwp:/usr/IBM/WebSphere/w
- Robert_Luechte2I'm still confused as to what you are trying to do. Are you saying that you want to do a HTTP to HTTPS redirect for everything except if the URI has the word /pubportal in it? Or are you looking for specific URLs that have /pubportal in them and choosing not to redirect those? Because I'm not sure what you are saying with /pubportal/something or /pubportal/anything. If you can clarify what you are doing it will help.
- Ahmad_03_151082let me explain it again I need to enable SSL on http://oservices.bahrain.bh to enablae SSL i applied the below iRule when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } Now I want to exclude the below URLs http://oservices.bahrain.bh/pubportal/WebServiceVehicleRegistration/services/Controller http://oservices.bahrain.bh/pubportal/InsuranceDetailsUploadWS/services/InsuranceUploadImpl
swo0sh_gt_13163Altostratus
Hello Ahmad,
You may implement an iRule such as following.
when HTTP_REQUEST { if {!([HTTP::uri] contains "pubportal")}{ HTTP::redirect https://[HTTP::host][HTTP::uri] } }You can change the "pubportal" with any URI or string you want to match and exclude from being redirected to HTTPs. I am sure there must be other alternatives available to achieve the same with more optimal iRule.
I hope this would be helpful.
Cheers! Darshan
- Ahmad_03_151082Thank you so much what if i want to add another URI?
- swo0sh_gt_13163
I would suggest to use a string based data group if it is going to be more than a few, would be easy to manage. However following is a sample snippet can be helpful too.
when HTTP_REQUEST { if {!( ([HTTP::uri] contains "pubportal") or ([HTTP::uri] contains "WebServiceVehicleRegistration") or ([HTTP::uri] contains "abc") )} { HTTP::redirect https://[HTTP::host][HTTP::uri] }}
Hope this helps.
- Ahmad_03_151082thank you so much for your help....
- swo0sh_gt_13163
I am glad that it helped.
Cheers! Darshan
Zeeshan_Ahmad_1Just one correction to the above iRule, you need to mention the HTTP::uri every time while using "or/and" for comparing the values. And again best practice is to use data group for multiple values
when HTTP_REQUEST { if {!([HTTP::uri] contains "pubportal" or [HTTP::uri] contains "WebServiceVehicleRegistration" or [HTTP::uri] contains "abc")} {
HTTP::redirect https://[HTTP::host][HTTP::uri]}
}- Robert_Luechte2
I think you also need parenthesis around each check:
when HTTP_REQUEST { if {!( ([HTTP::uri] contains "pubportal") or ([HTTP::uri] contains "WebServiceVehicleRegistration") or ([HTTP::uri] contains "abc") )} { HTTP::redirect https://[HTTP::host][HTTP::uri] - swo0sh_gt_13163
Thanks guys for your input.
- Ahmad_03_151082
thank you for your help
