Forum Discussion
NimbostratusHTTP to HTTPS redirect on non-standard port
Can I write a rule to redirect any http requests to this host on this port to https?
If so, how?
Thank you.
9 Replies
hoolioCirrostratus
Sure... you can use an iRule, or if you're on 9.4+ you can use an HTTP class to perform the redirect.
SOL7125: Configuring a virtual server to automatically redirect HTTP requests to HTTPS
https://support.f5.com/kb/en-us/solutions/public/7000/100/sol7125.html
Aaron
Jason_48455Unfortunately that didn't work. I think I need to explain further what I'm trying to do.
When users go to http://server.domain.com:8700
I need them to be automatically redirected to https://server.domain.com:8700
It would be redirected to the same virtual server, only over https.- hoolioIf the request can be HTTP or HTTPS on the same port, you can track whether there was a client SSL handshake using the CLIENTSSL_HANDSHAKE event and only send a redirect for requests which didn't initiate a n SSL handshake. Because the port stays the same, you can redirect to the same host (including the port) and URI.
when CLIENT_ACCEPTED { Set a variable to track whether this is an HTTPS request set https 0 } when CLIENTSSL_HANDSHAKE { There was a client side SSL handshake, so update the variable set https 1 } when HTTP_REQUEST { If it's not an HTTPS connection, send a redirect if {not ($https)}{ HTTP::redirect https://[HTTP::host][HTTP::uri] } }
Aaron - Jason_48455I tried the new irule and it's still not working. I'm not getting any error, it just says that page cannot be displayed.
Not sure if it makes a difference, but I have a client SSL profile set on the virtual server.
I don't see any messages at all related to the irule in any of the logs.
Thanks. - hoolioDo you have non-SSL enabled on the client SSL profile? This will be required in order to issue a redirect on a non-SSL request.
If it still doesn't work, can you try this version with logging:when CLIENT_ACCEPTED { log local0. "[IP::client_addr]:[TCP::client_port]: new connection to [IP::local_port]:[TCP::local_port]. https 0" Set a variable to track whether this is an HTTPS request set https 0 } when CLIENTSSL_HANDSHAKE { log local0. "[IP::client_addr]:[TCP::client_port]: new connection to [IP::local_port]:[TCP::local_port]. https 1" There was a client side SSL handshake, so update the variable set https 1 } when HTTP_REQUEST { If it's not an HTTPS connection, send a redirect if {not ($https)}{ log local0. "[IP::client_addr]:[TCP::client_port]: new connection to [IP::local_port]:[TCP::local_port] redirecting http" HTTP::redirect https://[HTTP::host][HTTP::uri] } }
Aaron - Jason_48455You are awesome. I didn't have the non-SSL option set.
It's working now.
Thank you very much!!! 
norman_leeAltostratus
rule worked wonderfully! Thanks
TejasTh_307036I have the same requirement, if user access the URL with HTTPS, no change in URL. If user access the URLwith HTTP, should redirect to https, I am also using non-standard port URLS.
https://abc.com:8888 ==> no change
http://abc.com:8888 ==> redicet to https://abc.com:8888
It's perfectly working fine with below config
1) Create SSL Client profile with allowing Non-SSL Connections ( You need to modify default config)
2) Create VIP with 8888 port and use SSL client profile
3) Configure below iRule
when HTTP_REQUEST {
if { [URI::protocol [HTTP::uri]] eq "http" } {
HTTP::redirect https://[getfield [HTTP::host] ":" 1]:[TCP::local_port][HTTP::uri]
}}
Stanislas_Piro2Cumulonimbus
Hi,
how do you get protocol from
?[HTTP::uri]when a user request http://abc.com:8888/def.txt,
return only /def.txt[HTTP::uri]the solution provided by hoolio is the solution.
