Forum Discussion
Altostratushttp to https irule for https VIP
I need a simple http to https irule to apply to an HTTPS VIP. This is a Windows RDS gateway on the F5. We want ANY intial connection for http be directed to https. There is no http VIP since it's a HTTPS Site only. Example User types: http://www.example.com/rdweb/pages/en-US/login.aspx
They should be immediately redirected to:
https://www.example.com/rdweb/pages/en-US/login.aspx
I tried the following but cannot get to load via bigpipe OR TMSH
tmsh create ltm rule/common/rds_redirect when HTTP_REQUEST { if {[HTTP::host] equals "rdsgateway.example.com" and [HTTP::uri] starts_with "/rdweb/" } { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }
Fails with multiple errors.
Using the bigpipe command does nothing but show me a list of .sh entries (I don't know where that came from) b rule RDS_redirect '{ when HTTP_REQUEST { if { [HTTP::host] equals "www.example.com" and [HTTP::uri] starts_with "/rdweb/" } { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }}'
BIG-IP Version 10.2.4 860.0
I have little experience in writing irules but have been successful on a few basics. I am open to ANY suggestions. The simpler the better. Thanks!
3 Replies
Chris_OlsonNimbostratus
I can't see how this would work UNLESS we have an http VIP. I'm getting connection refused since 80 is not open. Even so, when I apply and generic redirect on the http VIP, it still fails with Network Error (tcp_error) A communication error occurred: "" The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.- Kai_Wilke
MVP
Hey Chris,
you really need an HTTP VS to terminate the TCP:80 connection and send a HTTP redirect back to the client.
Without having a TCP:80 VS you may use "Preloaded HSTS" to redirect the HTTP requests already within the browser, even before the very first TCP:80 connection is send. But this would still have some serious restriction/limitation...
So once you have created an additional TCP:80 VS (HTTP Profile must be applied without any Pools selected) you could use the build in iRule "_sys_https_redirect", which simply redirects every HTTP request to HTTPS using the same hostname and URI.
BTW: I would recommend to either use the LTM admin page or the iRule Editor to create or change iRules.
Cheers, Kai
- Chris_Olson
Thank you very much. I learned a lot due to this issue and was able to use the"_sys_https_redirect" rule/profile to make this work. I was trying to follow previous soutions which are likely out of date or simply not condusive to this new environment. Thanks for confirming.
