F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

A__N_5261's avatar
A__N_5261
Icon for Nimbostratus rankNimbostratus
Feb 02, 2012

https Redirect

Hi All,

 

 

 

We have irule which redirecting to HTTPS. when i apply to HTTP VS . it give erro http profile should be configure

 

 

Why we have attach http profile. What is use of it

 

 

 

when HTTP_REQUEST

 

 

{ HTTP::redirect https://[HTTP::host][HTTP::uri] }

 

 

 

 

1. What irule says.

 

 

2. Why http profile require. I used default Http profile it works

 

 

 

 

Thanks

 

A.N
config
design

6 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Feb 02, 2012
    A.N

     

     

    The Http Profile, when attached to the VS, tells / allows the f5 to inspect the Http traffic - you can't do any http manipulation without a http profile attached to a VS.

     

     

    This is also goes for the other profiles for their particular service or protocol.

     

     

    Hope this helps.

     

     

    N
  • A__N_5261's avatar
    A__N_5261
    Icon for Nimbostratus rankNimbostratus
    Feb 02, 2012
    Hi nathan

     

     

    Thanks for Reply

     

     

    Inspect look into payload. but redirection should be happen base on port .if packet come on port 80 just redirect to 443. why we require look into payload

     

     

    Thanks
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Feb 02, 2012
    A.N

     

     

    Your iRule is calling a command HTTP_REQUEST which the f5 will only evaluate if the VS has an http profile assigned.

     

     

    N
  • A__N_5261's avatar
    A__N_5261
    Icon for Nimbostratus rankNimbostratus
    Feb 02, 2012
    Nathan

     

     

    is there any other way to redirect without http profile

     

     

     

     

    Thanks

     

    A.N
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Feb 02, 2012
    A.N

     

     

    Virtual Servers can do Port Translation - enabled by default I think. So, if your VS is listening on port X and the pool member is configured for port Y then the LTM will translate the communication. We do this on a few of our VSs.

     

     

    But, specifically in your case, the traffic would still be port 80 from the client to the LTM, rather than https so I'm not sure if this would meet your needs.

     

     

    HTTP profile + iRule would seem the most straight forward.

     

     

    Rgds

     

    N
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 02, 2012
    i agree with nathan. http profile and irule seem to be the most straight way to achieve this. anyway, if you can't use http profile, you have to collect tcp payload, parse http header and response manually.

    e.g. 

    [root@ve1023:Active] config  b virtual bar list
virtual bar {
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
        TCP::collect
}

when CLIENT_DATA {
        set uri [findstr [TCP::payload] "GET " 4 " "]
        set host [findstr [TCP::payload] "Host: " 6 "\r\n"]

        TCP::respond "HTTP/1.0 302 Found\r\nLocation: https://$host$uri\r\nConnection: Keep-Alive\r\nContent-Length: 0\r\n\r\n"
        TCP::release
}
}

[root@ve1023:Active] config  curl -i http://172.28.19.79/whatever
HTTP/1.0 302 Found
Location: https://172.28.19.79/whatever
Connection: Keep-Alive
Content-Length: 0