Forum Discussion
charlestips_149
Nimbostratus
Nimbostratushttp to https redirect except for specific URL
We currently have a wildcard cert and virtual server setup so that anyone trying to go to http://www.domain.com/directory gets redirected to https://www.domain.com/directory simple enough
what we would like to do is not redirect for a specific directory.
So redirect for all parts of www.domain.com unless a user goes to http://www.domain.com/specialdirectory
How can I modify the standard http to https irule for that, or should there be a specific irule added for just this.
11 Replies
hoolioCirrostratus
Hi Craig,
I think that's a good start logically. Here are a couple related approaches:when HTTP_REQUEST { Check if domain is "www.domain.com" if {[string tolower [HTTP::host]] eq "www.domain.com"}{ Check if URI isn't /specialdirectory switch [HTTP::uri] { "/specialdirectory" { Exit this event from this iRule return } default { Redirect everything else for www.domain.com to HTTPS HTTP::redirect "https://[HTTP::host][HTTP::uri] } } } No other action is taken for hosts which aren't www.domain.com }
Or if you want to redirect all requests to any domain except requests for www.domain.com/specialdirectory, you could use an iRule like this:when HTTP_REQUEST { Check if domain is "www.domain.com" if {[string tolower [HTTP::host]] eq "www.domain.com"}{ Check if URI isn't /specialdirectory switch [HTTP::uri] { "/specialdirectory" { Exit this event from this iRule return } } } Redirect everything else to HTTPS HTTP::redirect "https://[HTTP::host][HTTP::uri] }
Aaron
charlestips_149Thanks guys! I am going to test these out today. Look like perfect options!- charlestips_149Here is what I ended up putting in, which half works.
when HTTP_REQUEST {
Check if domain is "www.domain.com"
if {[string tolower [HTTP::host]] eq "ww2.domain.com"}{
Check if URI isn't /directory
switch [HTTP::uri] {
"/directory/page.aspx" {
Exit this event from this iRule
return
}
}
}
Redirect everything else to HTTPS
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
The problem is that this only works if I go to "/directory/page.aspx" if I try it with "/directory" in the script I don't get the non redirect if I try to go to any pages within that directory.
How can do I do a catchall for anything below that directory, I tried "/directory/*" - Chris_Miller
Altostratus
when HTTP_REQUEST { Check if domain is "www.domain.com" if {[string tolower [HTTP::host]] eq "ww2.domain.com"}{ Check if URI isn't /directory if {[HTTP::uri] contains "/directory"} { return } } Redirect everything else to HTTPS HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } - charlestips_149I tried "/directory/*" but it didn't work, I tried without the close quote like you have but I get a parse error that way.
- Chris_MillerPosted By charlestips on 07/06/2010 01:29 PM
I tried "/directory/*" but it didn't work, I tried without the close quote like you have but I get a parse error that way.
I might have edited my post as you were trying - please try what I have above. 
Michael_YatesThere is no need to do a string tolower on the [HTTP::host] values.
Only the [HTTP::uri], [HTTP::path], and [HTTP::query] values are case sensitive (depending on your operating system).- charlestips_149If I use your latest Chris the page returns
Invalid URI: The format of the URI could not be determined. - hoolioIn theory, the Host header could be set by the client in upper, lower or mixed case and the server must interpret it with out case sensitivity. So to follow RFC2616, you should actually set the Host header value to lower case before checking it. In practice, all major browsers set the Host header value to lower case. I think most applications would be case sensitive for the query string. For IIS, the path isn't case sensitive.
Charles, you might want to change "contains" to starts with:when HTTP_REQUEST { log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] to [HTTP::host][HTTP::uri]" Check if domain is "www.domain.com" if {[string tolower [HTTP::host]] eq "ww2.domain.com"}{ Check if URI doesn't start with /directory if {[string tolower [HTTP::path]] starts_with "/directory"} { log local0. "[IP::client_addr]:[TCP::client_port]: Allowing request through" Exit this event from this iRule return } } Redirect everything else to HTTPS HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" log local0. "[IP::client_addr]:[TCP::client_port]: Redirecting request" }
If there are still issues with this iRule, you can check the log output from /var/log/ltm to see what the iRule is doing.
Aaron - charlestips_149I am sorry, the coder was messing with his script at the same time. This works perfectly. Thanks everyone, for your contributions!
