Forum Discussion
John_Ferrin
Nimbostratus
NimbostratusHTTP to HTTPS Redirect with Specified Port
I have a virutal server listening on port 444 that is setup for https traffic. What I'd like to accomplish with an iRule (or some other method) is to look for http requests (http://servername.hostname.com:444/) to this virutal server and make them/redirect them to https requests (https://servername.hostname.com:444/).
With the same IP address I'm already listening on 80 (http) and 443(https) for a different web application. The port 80 virtual server is redirects everything to the 443 virtual server. They wanted to use the same DNS name for another web application so that's why it's on port 444.
I've tried using this iRule but it's returning an ERROR_HTTP_INVALID_SERVER_RESPONSE.
when HTTP_REQUEST {
HTTP::redirect "https://[HTTP::host] : [TCP::local_port clientside][HTTP::uri]"
}
I've also looked at this iRule but wasn't sure how/if it would apply to a virtual server that's listening on a single specific port.
http://devcentral.f5.com/wiki/defau...erver.html
Any assistance you can provide would be greatly appreciated.
Thanks
hoolioCirrostratus
Hi John,
If you enable non-SSL connections on the client SSL profile you can use an iRule like this to redirect non-SSL requests via HTTPS:http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&postid=1170929&ptarget=1170978 when HTTP_REQUEST { Check if the client used an SSL cipher if {not ([catch {SSL::cipher version} result]) && $result ne "none"}{ Client did use a cipher log local0. "\$result: $result. Allowing ncrypted request." } else { Client did not use a cipher log local0. "\$result: $result. Redirecting unencrypted request." HTTP::redirect "https://www.example.com/" } }
Aaron- John_FerrinThanks Aaron, that works great.
I am curious if there's a reason it needs to be written to a log file and checked there or if it can be done on the fly, so to speak. - hoolioYou don't need to log anything for the iRule to work. The logging is just there for debugging.
Aaron - John_FerrinThanks again. Since it seems to be working I just commented out the log statements.