HTTP::header replace problem

can you post the https virtual server configuration?

 

 

e.g.

 

tmsh list ltm virtual (name)

ltm virtual VS_S1P_PD03_EXTERNAL_LIVE_HTTPS {

 

destination 172.31.137.59:https

 

ip-protocol tcp

 

mask 255.255.255.255

 

partition S1PEL

 

profiles {

 

PROFILE_S1P_PD03_EXTERNAL_LIVE_CLIENTSSL {

 

context clientside

 

}

 

PROFILE_S1P_PD03_EXTERNAL_LIVE_HTTP { }

 

PROFILE_S1P_PD03_EXTERNAL_LIVE_SERVERSSL {

 

context serverside

 

}

 

oneconnect { }

 

tcp { }

 

}

 

rules {

 

IRULE_COMMON_LOG

 

IRULE_S1P_PD03_EXTERNAL_LIVE_CIAMAINTENANCE

 

IRULE_S1P_PD03_EXTERNAL_LIVE_ROUTING

 

IRULE_S1P_PD03_EXTERNAL_LIVE_EZONE

 

}

 

snat automap

 

}

 

the configuration and irule look okay to me. is this only virtual server the irule is applied?

Hi Nitass

 

I do have the irule assigned to an HTTP virtual server and it works fine.

 

 

ltm virtual VS_S1P_PD03_EXTERNAL_LIVE_HTTP {

 

destination 172.31.137.59:http

 

ip-protocol tcp

 

mask 255.255.255.255

 

partition S1PEL

 

profiles {

 

PROFILE_S1P_PD03_EXTERNAL_LIVE_HTTP { }

 

oneconnect { }

 

tcp { }

 

}

 

rules {

 

IRULE_COMMON_LOG

 

IRULE_S1P_PD03_EXTERNAL_LIVE_EZONE

 

IRULE_S1P_PD03_EXTERNAL_LIVE_CIAMAINTENANCE

 

IRULE_S1P_PD03_EXTERNAL_LIVE_ROUTING

 

}

 

snat automap

 

}

 

 

I think this is why I am finding it strange it doesnt work on HTTPS.

 

 

I will try removing sonme of the other irules in case they are causing the issue.

 

 

Unfortunately though the ROUTING irule does control everything thing else so removing this will probably cause virtual server to fail anyway.

 

 

Thanks

Update:

 

 

The irule now works on HTTPS.

 

 

I havent changed anything excepy for rebooting PC overnight.

 

 

It musy have been some browser issue (though I had been clearing cache/cookies etc).

 

 

Thanks for your help Nitass!

Although iRule is now working fine on both HTTP and HTTP virtual servers I have found a slight issue.

 

 

When i stay on the same VIP the irule works fine

 

Example:

 

1) If uri is http://www.test1.com and irule is set to replace host to www.test2.com and change uri to /index.html - i get re-written and sent to correct page but browser still has http://www.test1.com - This is good and is working as designed

 

2) if i try the same as 1) but replace protocol with https and change uri to /secure (i have another irule that picks up that /secure should be https and forces all traffic to HTTPS virtual server) this works as expected e.g. requested uri is https://www.test1.com/secure - gets re-written to https://www.test2.com/secure and browser retains https://www.test1.com/secure

 

However....

 

3) If i enter http://www.test1.com/secure - i get redirected to https://www.test2.com/secure and browser shows this in address bar.

 

 

I am guessing it is something to do with the other irules i have - but just wondered whether anyone had seen something like this previously?

 

 

 

I am guessing it is something to do with the other irules i have - but just wondered whether anyone had seen something like this previously? can you post the irule?

I think this is the relevant part of irule

 

 

And looking at it now i guess it makes sense....the re-write from http://www.test1.com to https://www.test1.com/secure is picked up by this irule that knows /secure is HTTPS so it then does a redirect

 

 

( HTTP::respond 301 noserver Location "https://$requestedHost$requestedURI")

 

 

I'll need to figure out how to prevent this happening (perhaps a check to see whether referer = www.test1.com?)

 

 

 

 

REDIRECT HTTP to HTTPS

 

 

 

Check if URI is listed as requiring to be https and redirect is appropriate

 

 

 

} elseif {($protocol equals "HTTP") and ([class match -value $requestedURI starts_with $portalContextRoutingClass] equals "https")} {

 

set codeBlock "REDIRECT HTTP to HTTPS"

 

 

if {$debug >= 1} {

 

log local0. "$vsName : Debug Level $debug : $codeBlock : Redirecting to https://$requestedHost$requestedURI"

 

}

 

 

HTTP::respond 301 noserver Location "https://$requestedHost$requestedURI"

 

 

 

REDIRECT HTTP to HTTPS