https redirect without creating an http virtual server

FWIW, to Chris's last point, I'd absolutely go for two specific VIPs here - setup your port 80 vip with an HTTP class that redirects everything over to HTTPs (something like 'https://[HTTP::host][HTTP::uri]'). Here's why I say this:

 

 

1) The iRule is doing a lot just to satisfy one simple requirement.

 

2) It could potentially open you up more than you'd like to be. For example, a port scan against that VIP will force an iRule evaluation of every request, even if the ports don't match. This isn't ideal.

 

3) With two explicitly defined virtual servers you'll have *much* more control over what specific types of behaviors you want to define.

 

4) Ultimately, it's cleaner this way.

 

 

There's a saying in the Python world that often lays nicely onto the BigIP when faced with design choices like this: "explicit is better than implicit".

 

 

While it can be a bit of overhead to set up, once you do that port 80 VIP you'll be done and you won't have to deal with it again. Plus, it's very explicit, particularly if you name it explicitly - e.g., redirect_to_443 or similar.

 

 

-Matt