Forum Discussion
LyonsG_85618
Cirrostratus
CirrostratusHTTP::header replace problem
Hi folks.
I have a simple iRule to replace a host & uri
when HTTP_REQUEST {
set requestedHost [string tolower [HTTP::host]]
set requestedURI [HTTP::uri]
if {($requestedHost equals "test1.domain.com") and ($requestedURI equals "/")} {
HTTP::header replace Host "test2.domain.com"
HTTP::uri "/some/other/uri"
}
}
This iRule work like a charm on my HTTP virtual server. However when I assign it to the HTTPS virtual server I get the following error:
- Operation not supported (line 4) invoked from within "HTTP::header replace Host "test2.domain.com""
There are other irules on the virtual server that control routing to pools based on various external class files however I am not sure how they woluld be causing the issue I am seeing /
The same irules are assigned to both HTTP & HTTPS virtual servers.
Any ideas?
Thanks in advance for your help!
- nitass
Employee
can you post the https virtual server configuration?
e.g.
tmsh list ltm virtual (name) 
LyonsG_85618ltm virtual VS_S1P_PD03_EXTERNAL_LIVE_HTTPS {
destination 172.31.137.59:https
ip-protocol tcp
mask 255.255.255.255
partition S1PEL
profiles {
PROFILE_S1P_PD03_EXTERNAL_LIVE_CLIENTSSL {
context clientside
}
PROFILE_S1P_PD03_EXTERNAL_LIVE_HTTP { }
PROFILE_S1P_PD03_EXTERNAL_LIVE_SERVERSSL {
context serverside
}
oneconnect { }
tcp { }
}
rules {
IRULE_COMMON_LOG
IRULE_S1P_PD03_EXTERNAL_LIVE_CIAMAINTENANCE
IRULE_S1P_PD03_EXTERNAL_LIVE_ROUTING
IRULE_S1P_PD03_EXTERNAL_LIVE_EZONE
}
snat automap
}- nitassthe configuration and irule look okay to me. is this only virtual server the irule is applied?
- LyonsG_85618Hi Nitass
I do have the irule assigned to an HTTP virtual server and it works fine.
ltm virtual VS_S1P_PD03_EXTERNAL_LIVE_HTTP {
destination 172.31.137.59:http
ip-protocol tcp
mask 255.255.255.255
partition S1PEL
profiles {
PROFILE_S1P_PD03_EXTERNAL_LIVE_HTTP { }
oneconnect { }
tcp { }
}
rules {
IRULE_COMMON_LOG
IRULE_S1P_PD03_EXTERNAL_LIVE_EZONE
IRULE_S1P_PD03_EXTERNAL_LIVE_CIAMAINTENANCE
IRULE_S1P_PD03_EXTERNAL_LIVE_ROUTING
}
snat automap
}
I think this is why I am finding it strange it doesnt work on HTTPS.
I will try removing sonme of the other irules in case they are causing the issue.
Unfortunately though the ROUTING irule does control everything thing else so removing this will probably cause virtual server to fail anyway.
Thanks - LyonsG_85618Update:
The irule now works on HTTPS.
I havent changed anything excepy for rebooting PC overnight.
It musy have been some browser issue (though I had been clearing cache/cookies etc).
Thanks for your help Nitass! - LyonsG_85618Although iRule is now working fine on both HTTP and HTTP virtual servers I have found a slight issue.
When i stay on the same VIP the irule works fine
Example:
1) If uri is http://www.test1.com and irule is set to replace host to www.test2.com and change uri to /index.html - i get re-written and sent to correct page but browser still has http://www.test1.com - This is good and is working as designed
2) if i try the same as 1) but replace protocol with https and change uri to /secure (i have another irule that picks up that /secure should be https and forces all traffic to HTTPS virtual server) this works as expected e.g. requested uri is https://www.test1.com/secure - gets re-written to https://www.test2.com/secure and browser retains https://www.test1.com/secure
However....
3) If i enter http://www.test1.com/secure - i get redirected to https://www.test2.com/secure and browser shows this in address bar.
I am guessing it is something to do with the other irules i have - but just wondered whether anyone had seen something like this previously? - nitassI am guessing it is something to do with the other irules i have - but just wondered whether anyone had seen something like this previously? can you post the irule?
- LyonsG_85618I think this is the relevant part of irule
And looking at it now i guess it makes sense....the re-write from http://www.test1.com to https://www.test1.com/secure is picked up by this irule that knows /secure is HTTPS so it then does a redirect
( HTTP::respond 301 noserver Location "https://$requestedHost$requestedURI")
I'll need to figure out how to prevent this happening (perhaps a check to see whether referer = www.test1.com?)
REDIRECT HTTP to HTTPS
Check if URI is listed as requiring to be https and redirect is appropriate
} elseif {($protocol equals "HTTP") and ([class match -value $requestedURI starts_with $portalContextRoutingClass] equals "https")} {
set codeBlock "REDIRECT HTTP to HTTPS"
if {$debug >= 1} {
log local0. "$vsName : Debug Level $debug : $codeBlock : Redirecting to https://$requestedHost$requestedURI"
}
HTTP::respond 301 noserver Location "https://$requestedHost$requestedURI"
REDIRECT HTTP to HTTPS
