HTTPS redirect from custom port to port 443
Hi All,
Apologies in advance if this was answered anywhere on the site, but is there an iRule (I'm not good at writing one) that I can apply to a VIP which states that if a client goes to https://xxx.com:8443 they will get redirected to https://xxx.com? Going from the custom SSL port of 8443 to the well-known port of 443.
Thanks again, community!
8 Replies
- Kevin_Stewart
Employee
when HTTP_REQUEST { HTTP::respond 302 Location "https://[HTTP::host]" }
Not sure if you also needed to evaluate the host name, but in this case you have a VIP listening on port 8443 with a client SSL profile and this iRule. All requests to this VIP are automatically redirected to the 443 URL (a different VIP).
- michmoor2015_21
Nimbostratus
Thank you so much, Kevin, for the quick reply. I'm not at all proficient in iRule writing but I'm trying to get better.
What is this part: HTTP:respond 302 location..
Also, even though the original client request is HTTPS, do we still need to put "when HTTP_REQUEST"?
- Kevin_Stewart
Employee
What is this part: HTTP:respond 302 location..
This is an HTTP response command. You're essentially instructing the iRule to issue an immediate HTTP response to the client, with a status code of 302 (redirect), and a Location header that points to the desired URL.
Also even though the original client request is HTTPS do we still need to put "when HTTP_REQUEST" ?
Yes. The S in HTTPS is SSL, which is an OSI layer 6 wrapper around the layer 7 HTTP communications. SSL is processed and removed before the HTTP request is processed, so both HTTP and HTTPS requests are still HTTP and processed as HTTP events.
- michmoor2015_21
Nimbostratus
Thanks Kevin, I implemented the iRule but it doesn't seem to be working. I get a timed out error. So here is the implementation. I have two VIPs. One with the F5 listening on port 8443 but without a clientssl. I have another VIP with the F5 listening on port 443 with a clientssl profile. The URI is the following - https://jiratest.chicago.xxx.com:8443/login which of course will get redirected to https://jiratest.chicago.xxx.com/login
So I took your script and did the following:
when HTTP_REQUEST { HTTP::respond 302 Location "https://[HTTP::jiratest.chicago.xxx.com]" }
The F5 throws out the following error:
01070151:3: Rule [/Common/Custom_Redirect] error: /Common/Custom_Redirect:2: error: [undefined procedure: HTTP::jiratest.chicago.xxx.com][HTTP::jiratest.chicago.xxx.com]
So I then removed the URI and put in:
when HTTP_REQUEST { HTTP::respond 302 Location "https://[HTTP::host]" }
F5 takes the script and I apply it, but then that's when I get the timed out message when I try to visit the site.
- Kevin_Stewart
Employee
The problem is that you're doing HTTPS at the 8443 VIP but you don't have a client SSL profile. You need that to decrypt the client's SSL and process the underlying HTTP request.
"[HTTP::jiratest.chicago.xxx.com]" isn't valid. You can explicitly name the URL:
when HTTP_REQUEST { HTTP::respond 302 Location "https://jiratest.chicago.xxx.com" }
Or you can use [HTTP::host] to redirect back to the FQDN that the client requested:
when HTTP_REQUEST { HTTP::respond 302 Location "https://[HTTP::host]" }
- michmoor2015_21
Nimbostratus
Ahhh, it all makes sense now actually. Thanks Kevin so much.
If that's the case then I don't think this will work as we already have a certificate for jiratest.chicago.xxx.com and don't think I can apply that same certificate to the new VIP on port 8443.....unless.......I use the same clientssl for multiple VIPs.
- Kevin_Stewart
Employee
That should work.
- Arie
Altostratus
If you're relatively certain that you always want to redirect 8443 to 443 you'll want to use a 301 (permanent redirect) rather than a 302 (temporary redirect). The latter doesn't get cached by the client and results in an additional request/response every time the resource is requested over port 8443.
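The points from the replies above combined into one iRule, as an added example that is not part of any reply in this thread. It assumes the rule is attached to the port 8443 virtual server together with a client SSL profile, that the client's Host header arrives with the port appended (for example "jiratest.chicago.xxx.com:8443"), and that the `allowed` list (a hypothetical name) holds the host names served on 443.

```tcl
# Added example, not from the thread. Attach to the 8443 virtual server,
# which needs a client SSL profile so that HTTP_REQUEST can fire at all.
when HTTP_REQUEST {
    # Assumption: host names the port 443 virtual server answers for.
    # "allowed" is a hypothetical variable name; extend the list as needed.
    set allowed [list "jiratest.chicago.xxx.com"]

    # For a request to https://name:8443/ the Host header is normally
    # "name:8443". Keep only the part before the colon, lower-cased, so the
    # redirect does not point back at port 8443.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # The Host header is client-controlled. If it is not a name we serve,
    # redirect to the first known name instead of reflecting it.
    if { [lsearch -exact $allowed $host] == -1 } {
        set host [lindex $allowed 0]
    }

    # 301 (permanent) as suggested in the last reply. [HTTP::uri] carries
    # the path and query string, so /login stays /login after the redirect.
    HTTP::respond 301 Location "https://${host}[HTTP::uri]"
}
```

A request for https://jiratest.chicago.xxx.com:8443/login then receives a 301 with Location https://jiratest.chicago.xxx.com/login.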
