Forum Discussion
fujisen
Nimbostratus
Jan 11, 2011
http to https irule
http to https redirect irule question
10.1.1.2 vip created on 80 and 443
both use pool member 172.1.1.1 on 80
VIP on 80 has simple redirect irule http to https in place
VIP on 443 has client SSL cert installed.
redirect not working, can you guys advise some basic checks please..
13 Replies
- Chris_Miller
Altostratus
Can you paste the iRule you're using?
- fujisen
Nimbostratus
copied below irule in use,
when HTTP_REQUEST {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
VIP on 80 complained it requires an http or fast http profile when enabling irule, so I had to enable settings http profile = http.
VIP on 443 has http profile=none, should it be changed?
Thanks
- hoolio
Cirrostratus
You'll need an HTTP profile on the port 80 virtual server in order to use that iRule to redirect all HTTP traffic to HTTPS. You wouldn't want to apply the same iRule to the 443 virtual server or you'd trigger infinite redirects to itself. If you want to have TMM parse the traffic as HTTP you could add an HTTP profile to the port 443 virtual server. Some specific examples of why you'd want to do this are:
compression
ram cache
layer 7 persistence like cookie persistence
layer 7 load balancing (using HTTP classes or iRules)
HTTP redirect if all the current pool members can't be reached (fall back host in the HTTP profile)
rewriting HTTP redirects that the application sends from http:// to https:// (option in the HTTP profile)
and many other options listed in the HTTP profile.
Aaron
- fujisen
Nimbostratus
Thanks for the info on http profile,
I've just tested,
when opening webpage 10.1.1.2 on port 80 it prompts for login page (our team doesn't have one), so when I cancel the login page it redirects to https connections and displays "you dont have authorization page". My worry is even before prompting for login, shouldn't it be on https? to encrypt the login details sent across
- hoolio
Cirrostratus
If you're using the http to https redirect rule on the HTTP virtual server, I expect it's working and that you're getting the login page via the HTTPS virtual server from the application. You could remove the pool from the HTTP virtual server to make this more intuitive. You could also use a browser plugin like HttpFox for Firefox or Fiddler to check the LTM response on the HTTP virtual server.
Aaron
- fujisen
Nimbostratus
you're correct, I failed to notice https on login prompt but URL was still on http!
thanks Aaron, I've downloaded httpfox for firefox but not sure how to use it though... will get there soon.
- Jessica_42876
Nimbostratus
hi:
I have a problem, I need to convert applications http to https but if I run this iRule
when HTTP_REQUEST {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
my application of e-mail just runs in the first page, do I need other line in my iRule?
- Michael_Yates
Nimbostratus
What do you mean by this? Could you better explain the problem that you are having?
my application of e-mail just runs in the first page
- Jessica_42876
Nimbostratus
The iRule intend to deploy an e-mail server and as I apply the iRules all I get is the first page if I try to log in does not
- Michael_Yates
Nimbostratus
That makes more sense.
I would suggest adding logging to your HTTP to HTTPS iRule and see if your login request is being directed back to HTTP. If it is then it would make sense that your login attempts are failing.
when HTTP_REQUEST {
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
log local0. "HTTP to HTTPS Redirect - Client [IP::client_addr]"
}
What I am guessing your problem is:
Initial Access - HTTP to HTTPS Redirected
HTTPS Login Page - Login Attempt is made. Submit is sent to HTTP://www.website.com
HTTP to HTTPS Redirect - Login Attempt cancelled by redirect.
The logging should tell you if this is your problem.
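A complementary check for the guess in the reply above, as an added example that is not part of the original thread: a Python script that parses the login page as served over HTTPS and lists every form whose action resolves to plain HTTP. The page URL, paths and HTML below are constructed sample values; www.website.com is the placeholder host used in the reply.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionCollector(HTMLParser):
    """Collect (method, action) for every <form> tag in a page."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            # A missing or empty action submits to the page's own URL.
            self.forms.append(((a.get("method") or "get").upper(),
                               a.get("action") or ""))


def insecure_form_targets(page_url, html):
    """Return (method, absolute_url) for forms that submit over plain HTTP."""
    collector = FormActionCollector()
    collector.feed(html)
    findings = []
    for method, action in collector.forms:
        # Resolve relative and scheme-relative actions against the page URL.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme == "http":
            findings.append((method, target))
    return findings


# Constructed sample: a login page delivered by the HTTPS virtual server.
SAMPLE_PAGE_URL = "https://www.website.com/mail/login"
SAMPLE_HTML = """
<html><body>
<form method="post" action="http://www.website.com/mail/auth">
  <input name="user"><input name="pass" type="password">
</form>
<form method="post" action="/mail/auth"></form>
<form action="//www.website.com/search"></form>
<form method="post"></form>
</body></html>
"""

if __name__ == "__main__":
    for method, target in insecure_form_targets(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{method} {target} leaves HTTPS and will hit the port 80 redirect")
```

Any form it reports sends its fields in cleartext to the port 80 virtual server before the redirect is returned, which is the case the logging iRule would also surface.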
