Forum Discussion
NimbostratusHTTPS redirects
Hello, I am a complete novice as far as f5 devices are concerned, and I need to achieve the following:
Any traffic to http://testssl.mydomainmail.co.uk gets redirected to https://testssl.mydomain.co.uk/login
Any traffic to http://testssl.mydomainmail.co.uk/anything gets redirected to https://testssl.mydomain.co.uk/anything (where “anything” could be any URL)
Any traffic to http://testssl.mydomain.co.uk/login gets redirected to https://testssl.mydomain.co.uk/login
Any traffic to http://testssl.mydomain.co.uk/xxxlz/anything gets redirected to https://testssl.mydomain.co.uk/xxxlz/anything (where xxx can be anything)
So far I have this:
• Any traffic to http://testssl.mydomainmail.co.uk gets redirected to https://testssl.mydomain.co.uk/login
1 when HTTP_REQUEST { 2if{ [HTTP::host] contains "http://testssl.mydomainmail.co.uk"} {
3 HTTP::redirect https://testssl.mydomain.co.uk/login [HTTP::uri]
• Any traffic to http://testssl.mydomain.co.uk/login gets redirected to https://testssl.mydomain.co.uk/login
1 when HTTP_REQUEST { 2if{ [HTTP::host] contains "http://testssl.mydomain.co.uk/login"} {
3 HTTP::redirect https://testssl.mydomain.co.uk/login [HTTP::uri]
Any help would be appreciated.
6 Replies
nitass_89166Noctilucent
e.g.
config [root@ve11a:Active:In Sync] config tmsh list ltm rule qux ltm rule qux { when HTTP_REQUEST { if { [HTTP::host] eq "testssl.mydomainmail.co.uk" } { switch [string tolower [HTTP::path]] { "/" { HTTP::redirect "https://testssl.mydomain.co.uk/login" } default { HTTP::redirect "https://testssl.mydomain.co.uk[HTTP::uri]" } } } elseif { [HTTP::host] eq "testssl.mydomain.co.uk" } { switch -glob [string tolower [HTTP::path]] { "/login" - "/???lz/*" { HTTP::redirect "https://testssl.mydomain.co.uk[HTTP::uri]" } } } } } test [root@ve11a:Active:In Sync] config curl -I http://testssl.mydomainmail.co.uk HTTP/1.0 302 Found Location: https://testssl.mydomain.co.uk/login Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@ve11a:Active:In Sync] config curl -I http://testssl.mydomainmail.co.uk/anythingbhabhabha HTTP/1.0 302 Found Location: https://testssl.mydomain.co.uk/anythingbhabhabha Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@ve11a:Active:In Sync] config curl -I http://testssl.mydomain.co.uk/login HTTP/1.0 302 Found Location: https://testssl.mydomain.co.uk/login Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@ve11a:Active:In Sync] config curl -I http://testssl.mydomain.co.uk/123lz/anythingbhabhabha HTTP/1.0 302 Found Location: https://testssl.mydomain.co.uk/123lz/anythingbhabhabha Server: BigIP Connection: Keep-Alive Content-Length: 0
Kesh_152548That worked partially: Any traffic to http://testssl.communigatormail.co.uk gets redirected to https://testssl.communigator.co.uk/login - Doesn’t work Any traffic to http://testssl.communigatormail.co.uk/anything gets redirected to https://testssl.communigator.co.uk/anything (where “anything” could be any URL) - Doesn’t work Any traffic to http://testssl.communigator.co.uk/login gets redirected to https://testssl.communigator.co.uk/login - Works Any traffic to http://testssl.communigator.co.uk/xxxlz/ anything gets redirected to https://testssl.communigator.co.uk/xxxlz/ anything (where xxx can be anything) - Works I'm wondering if switch -glob should be used in the earlier command?
- nitass
Employee
e.g.
config [root@ve11a:Active:In Sync] config tmsh list ltm rule qux ltm rule qux { when HTTP_REQUEST { if { [HTTP::host] eq "testssl.mydomainmail.co.uk" } { switch [string tolower [HTTP::path]] { "/" { HTTP::redirect "https://testssl.mydomain.co.uk/login" } default { HTTP::redirect "https://testssl.mydomain.co.uk[HTTP::uri]" } } } elseif { [HTTP::host] eq "testssl.mydomain.co.uk" } { switch -glob [string tolower [HTTP::path]] { "/login" - "/???lz/*" { HTTP::redirect "https://testssl.mydomain.co.uk[HTTP::uri]" } } } } } test [root@ve11a:Active:In Sync] config curl -I http://testssl.mydomainmail.co.uk HTTP/1.0 302 Found Location: https://testssl.mydomain.co.uk/login Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@ve11a:Active:In Sync] config curl -I http://testssl.mydomainmail.co.uk/anythingbhabhabha HTTP/1.0 302 Found Location: https://testssl.mydomain.co.uk/anythingbhabhabha Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@ve11a:Active:In Sync] config curl -I http://testssl.mydomain.co.uk/login HTTP/1.0 302 Found Location: https://testssl.mydomain.co.uk/login Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@ve11a:Active:In Sync] config curl -I http://testssl.mydomain.co.uk/123lz/anythingbhabhabha HTTP/1.0 302 Found Location: https://testssl.mydomain.co.uk/123lz/anythingbhabhabha Server: BigIP Connection: Keep-Alive Content-Length: 0- Kesh_152548That worked partially: Any traffic to http://testssl.communigatormail.co.uk gets redirected to https://testssl.communigator.co.uk/login - Doesn’t work Any traffic to http://testssl.communigatormail.co.uk/anything gets redirected to https://testssl.communigator.co.uk/anything (where “anything” could be any URL) - Doesn’t work Any traffic to http://testssl.communigator.co.uk/login gets redirected to https://testssl.communigator.co.uk/login - Works Any traffic to http://testssl.communigator.co.uk/xxxlz/ anything gets redirected to https://testssl.communigator.co.uk/xxxlz/ anything (where xxx can be anything) - Works I'm wondering if switch -glob should be used in the earlier command?
- Kesh_152548
Thanks very much for this, will test.
- Kevin_Stewart
Because everything is getting redirected to the same HTTPS URL, you could probably simplify this by simply evaluating the URI.
when HTTP_REQUEST { if { [HTTP::uri] equals "/" } { HTTP::redirect "https://testssl.communigator.co.uk/login" } else { HTTP::redirect "https://testssl.communigator.co.uk[HTTP::uri]" } }
