Forum Discussion
HTTP to HTTPS redirection using only a single virtual server
I need to configure HTTP to HTTPS redirection using a single virtual server which will be listening on port 443. This virtual server will communicate with the backend servers on port 8080. Hence any HTTP request should get redirected to the HTTPS instance of the virtual server without creating an HTTP instance of the virtual server on the F5.
- Samir_Jha_52506
Noctilucent
- jurgenvdmark_14
Nimbostratus
I'm using the following rule for this purpose. It basically strips the host part of http redirects and returns the relative path:
    ltm rule redirect_absolute_to_relative {
        when HTTP_RESPONSE {
            if { [HTTP::is_redirect] } {
                # Replace absolute redirect with relative redirect
                HTTP::header replace Location [regsub {https?://[^/]*/} [HTTP::header value location] "/"]
            }
        }
    }
Hope this answers your question
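An added example, not part of the post above and not F5 or project code: the Location substitution from that rule as a plain Tcl proc, run over constructed Location values next to a variant anchored at the start of the value. The proc names and the sample URLs are assumptions made for illustration.

```tcl
# Added example (not from the thread). Plain Tcl, runnable in tclsh;
# proc names and sample Location values are constructed for illustration.

# The substitution exactly as the posted rule performs it.
proc rewrite_posted {location} {
    return [regsub {https?://[^/]*/} $location "/"]
}

# Variant anchored at the start of the value: only a leading
# scheme://authority is dropped; path, query and fragment are kept.
proc rewrite_anchored {location} {
    if {[regexp {^https?://[^/?#]*(.*)$} $location -> rest]} {
        # "http://host" or "http://host?x=1": give it a root path
        if {[string index $rest 0] ne "/"} {
            set rest "/$rest"
        }
        return $rest
    }
    # Already relative (or another scheme): leave untouched
    return $location
}

# Constructed Location header values a backend on port 8080 might send
set samples {
    http://app.example.com:8080/login
    https://app.example.com/a/b?x=1
    http://app.example.com:8080
    /login?next=http://app.example.com:8080/home
}

foreach loc $samples {
    puts [format "%-46s posted=%-30s anchored=%s" $loc \
        [rewrite_posted $loc] [rewrite_anchored $loc]]
}
```

The unanchored pattern also rewrites the URL carried in the `next=` query parameter of an already-relative redirect, and it leaves a Location with no path after the host unchanged; the anchored variant handles both cases.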
- RaghavendraSY
Altostratus
Can you please try assigning the "any" port (put restrictions at the firewall for ports 80 and 443 for the VIP IP) to the virtual server and then try assigning a redirection iRule from HTTP to HTTPS.
- babaransari_361
Nimbostratus
    when RULE_INIT {
        set static::redirect_http_to_https 1
        # Set this option to 1 to log debug messages (to /var/log/ltm by default)
        set static::single_vs_debug 1
        # Note: static::vip_http_ports and static::vip_https_ports, which
        # CLIENT_ACCEPTED reads below, are not set anywhere in the rule as posted.
    }
    when CLIENT_ACCEPTED {
        # Save the VIP name, client IP:port as a log prefix to make the log lines shorter
        set log_prefix "[IP::client_addr]:[TCP::client_port] [virtual name]"
        if { [matchclass [TCP::local_port] equals $static::vip_https_ports] } {
            # Request was to an HTTPS port, so do nothing for the clientside connection.
            # The defined client and/or server SSL profiles will be applied as normal
            if {$static::single_vs_debug} {log local0. "$log_prefix: HTTPS request to [IP::local_addr]:[TCP::local_port]"}
            # Log an error if the virtual server doesn't have a client SSL profile, but receives an SSL request
            if {[PROFILE::exists clientssl] == 0} {
                if {$static::single_vs_debug} {log local0. "$log_prefix: Client connection received on port [TCP::local_port], but no client SSL profile is enabled on [IP::local_addr]"}
                reject
            }
        } elseif { [matchclass [TCP::local_port] equals $static::vip_http_ports] } {
            # Request was to an HTTP port, not an HTTPS port, so disable client SSL profile if one is enabled on the VIP
            set vip_http_port 1
            if {$static::single_vs_debug} {log local0. "$log_prefix: HTTP request to [IP::local_addr]:[TCP::local_port]"}
            # Check to see if there is a client SSL profile and if so, disable it
            if { [PROFILE::exists clientssl] == 1 } {
                if {$static::single_vs_debug} {log local0. "$log_prefix: Client SSL profile enabled on VIP. Disabling SSL."}
                set disable_cmd "SSL::disable"
                eval $disable_cmd
            }
        } else {
            # Request wasn't to a defined port, so reset the TCP connection.
            if {$static::single_vs_debug} {log local0. "$log_prefix: Dropping request to undefined port [IP::local_addr]:[TCP::local_port]"}
            reject
        }
    }
    when HTTP_REQUEST {
        # If redirect_http_to_https is enabled and the request was made to an HTTP port,
        # redirect the client to the same host/URI over HTTPS
        if { ($static::redirect_http_to_https == 1 or ([info exists redirect_http_to_https] && $redirect_http_to_https)) && ([info exists vip_http_port] && $vip_http_port==1) } {
            HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
            if {$static::single_vs_debug} {log local0. "$log_prefix: Redirecting client [IP::client_addr] to https://[getfield [HTTP::host] \":\" 1][HTTP::uri]"}
        }
    }

I used the above iRule but could not achieve my requirement. The backend servers are communicating on port 8080 and the URL has the port 8080 specified in it, but whenever I use the iRule, the page becomes inaccessible.
- youssef1
Cumulonimbus
Hi babaransari,
Why do you want to assign only one VIP? In any case you will have to listen on 2 ports (80 and 443). So creating 2 VIPs is the same, and it will be easier for you to manage and maintain your need!
Regards