Forum Discussion

aweise_7447's avatar
aweise_7447
Icon for Nimbostratus rankNimbostratus
Jan 27, 2011

HTTPS redirect based on URI

Greetings,

 

 

We have a VIP that sends traffic to an SSL VPN appliance. The VIP is running on 443 and has a simple pool applied to it. However, we'd like to be able redirect users to a specific URL if they type in an incorrect URL.

 

 

For example, the correct URL is https://www.company.com/vpn. Users are simply forgetting to type in the URI portion so that it ends up being "https://www.company.com/". This causes problems and the users are not able to authenticate to the VPN appliance.

 

 

Can we have an iRule that does something like this:

 

 

when HTTP_REQUEST {

 

switch -glob [string tolower [HTTP::uri]] {

 

"/" {

 

HTTP::redirect "https://www.company.com/vpn"

 

}

 

 

But instead does this for HTTPS? The SSL is not terminated on the BigIP - it's done on the VPN appliance.

 

 

Thanks!

 

application delivery
dev
devops
iRules
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    May 02, 2013
    Regarding doing a proper HTTP redirect it'll depend on your setup and requirements. What's the reason for doing this in the first place?
  • Ashish_Ram_Tak1's avatar
    Ashish_Ram_Tak1
    Icon for Nimbostratus rankNimbostratus
    May 02, 2013
    Dear Steve,

     

     

    I am getting below error while creating the iRule

     

     

    01070151:3: Rule [/Common/redirection] error:

     

    line 5: [undefined procedure: elseif] [elseif { [HTTP::uri] starts_with "/pqr" } {

     

    virtual D

     

    } else {

     

    Virtual A

     

    }]
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    May 02, 2013
    e.g. 

    [root@ve10:Active] config  b virtual A list
virtual A {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b virtual B list
virtual B {
   snat automap
   pool foo
   destination 2.2.2.2:80
}
[root@ve10:Active] config  b virtual D list
virtual D {
   snat automap
   pool foo
   destination 4.4.4.4:80
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
  set host [HTTP::host]
  set uri [HTTP::uri]
  if { [HTTP::uri] starts_with "/xyz" } {
    virtual B
  } elseif { [HTTP::uri] starts_with "/pqr" } {
    virtual D
  }
}
when HTTP_RESPONSE {
  log local0. "client [IP::client_addr]:[TCP::client_port] server [IP::remote_addr]:[TCP::remote_port] host $host uri $uri"
}
}

 test

[root@ve10:Active] config  tail -f /var/log/ltm
May  2 21:11:16 local/tmm info tmm[4950]: Rule myrule : client 172.28.20.17:60325 server 200.200.200.101:80 host mbanking.abc.com uri /something
May  2 21:11:24 local/tmm info tmm[4950]: Rule myrule : client 172.28.20.17:60326 server 2.2.2.2:80 host mbanking.abc.com uri /xyz/something
May  2 21:11:32 local/tmm info tmm[4950]: Rule myrule : client 172.28.20.17:60327 server 4.4.4.4:80 host mbanking.abc.com uri /pqr/something