For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_Klemm_4418's avatar
John_Klemm_4418
Icon for Nimbostratus rankNimbostratus
Nov 16, 2006

http:// to https:// redirect not working

I am unable to get my redirect to work.     I have a single vip that supports 80 and 443 I have the redirect rule applied to port 80.     Basically my client wants to type in http://myhome...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Nov 16, 2006
I believe you want to have requests to your VIP on x.y.z.77:80 redirected to a second VIP on x.y.z.77:443.

If that's the case, just use the original HTTP to HTTPS redirect rule on the x.y.z.77:80 VIP:


when HTTP_REQUEST {
   HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
   log local0. "client [IP::client_addr] redirected to: https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
}

Then use the switch rule on the HTTPS VIP. Clients that access the VIP on port 80 should then be redirected to the same host and URI via HTTPS. Assuming the HTTPS requests are decrypted, the switch rule on the HTTPS VIP would route the request to the corresponding pool.

As your rule is looking for different domains on the .mil top level domain, I assume the client will get prompted to accept an invalid certificate. Nonetheless, they should still get redirected and passed to the corresponding node.

If you still see problems after verifying the rules are added to the correct VIPs, add log statements to each rule to see what is happening and check the /var/log/ltm log file for details.

Aaron