Forum Discussion

DaZZa's avatar
DaZZa
Icon for Nimbostratus rankNimbostratus
Jun 26, 2017

HTTPS redirection with exceptions

Hi.

 

I have a web site which is used to by developers to build out corporate product. Because it's used for QA purposes, I want it to be as realistic as possible - but I am putting all the associated web sites on one server instead of spreading them like I do in production.

 

This is fine, however while most of the web sites are HTTPS and I can apply the _sys_https_redirect irule - some of them aren't.

 

How can I write an irule to except a specific URI (or URI's) from https redircetion?

 

Oh - running this through BigIP LTM version 11.5.4, HF4, which probably affects any answers.

 

Thanks for any pointers.

 

application delivery
BIG-IP
iRules

2 Replies

Sort By
  • CharlesCS's avatar
    CharlesCS
    Icon for Cirrus rankCirrus
    Jun 27, 2017

    Presumably you don't care about the query string (if present), so you can simply focus on the path. If there are relatively few exception URIs that aren't being forwarded to HTTPS, you might code something like this:

     

    when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::path]] {
    "/foo/" -
    "/bar*" -
    "/some/particularly/long/example/" { return }
    default {
      HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] 
    }
  }
}

    If there are a large number of URIs, you might consider creating a data group and using class match instead of the switch command.

     

    when HTTP_REQUEST {
  if { [class match [HTTP::path] starts_with exception_URI_list] } {
    return
  }
  HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
  • CharlesCS's avatar
    CharlesCS
    Icon for Cirrus rankCirrus
    Jun 27, 2017

    For hostname comparisons, use HTTP::host instead of HTTP::path, like so:

    when HTTP_REQUEST {
  switch [string tolower [HTTP::host]] {
    "foo.bar.com" -
    "baz.bar.com" -
    "yet.another.subdomain.of.bar.com" { return }
    default {
      HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] 
    }
  }
}