For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JohnL_247646's avatar
JohnL_247646
Icon for Nimbostratus rankNimbostratus
Aug 11, 2016

http::redirect question

Need to write a irule for http redirect, say http://www.server1.com:8080/site to https://www.server1.com:9000/site. I can create a VS (VS1)with source port of 8080 and a simple irule, http::redirec...
BIG-IP
devops
iRules
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Aug 12, 2016

Hi John,

it can be done by using just one Virtual Server, but the configuration is more complex and also less performant compared to use two independent Virtual Servers. So I would recommend to use two independent Virtual Servers for your current task...

Well, if still want to use a single Virtual Server accessible via HTTP:8080 and HTTPS:9000, then configure the Virtual Server to listen on every TCP port (aka. TCP:*) and then use an iRule (triggered on every new connection attempt) to perform a configuration change for the ongoing connection, based on the requested port number.

 

when CLIENT_ACCEPTED {
    if { [set local_port [TCP::local_port]] eq "8080" } then {
        SSL::disable clientside
    } elseif { $local_port eq "9000" } then {
         Use the default settings of the virtual server
    } else {
        reject
    }
}
when HTTP_REQUEST {
    if { $local_port eq "8080" } then {
        HTTP::redirect "https://[getfield [HTTP::host] ":" 1]:9000[HTTP::uri]" 
    } else {
         insert additional iRule code here as needed or just rely on the default settings of the virtual server
    }   
}

 

Note: Your the settings of the Virtual Server should be the onces for HTTPS::9000 and keep in mind to attach a Client_SSL_Profile to this Virtual Server.

Cheers, Kai