HTTPS rewrite???

Question

Hello All,  
 I have two vips setup, one for http and one for https. I've put in place an http to https redirect on the http vip and it is working as expected.  
   
 when HTTP_REQUEST {  
 if { [HTTP::host] equals "test.domain.com" } {  
 HTTP::redirect https://test.domain.com/app/login.do  
 }  
 }  
   
 My issue is the https side of things, if someone tries to go to "https://test.domain.com" directly and I try to use the same irule as above on the https vip, I keep getting stuck in a redirect loop. I don't see an HTTP::rewrite command, so how might I go about trying to do a rewrite instead?  
 TIA,  
 DarkSide

the_bhattman · Answer

When you look at [HTTP::host] it's going to be true if it looks like this 
  
 https://test.domain.com/app/login.do  
 or 
 https://test.domain.com 
 or 
 https://test.domain.com/whatever/ 
  
 This is why it's going to keep redirecting and looping through the same irule 
  
 What you need to do is determine if there is a uri, meaning "/app/login.do" 
  
 So you rewrite the logic

when HTTP_REQUEST {    
    if { ([HTTP::host] equals "test.domain.com") and [HTTP::uri] equals "/" } {    
         HTTP::redirect https://test.domain.com/app/login.do  
       }    
 }

This should then only trigger the redirect when the request hits the vip as http(s)://test.domain.com/  
  
 hope this helps 
 CB

darksideoftheq_ · Answer

I appreciate the assistance CB, it certainly helped. I had begun thinking that I might need 2 iRules to accomplish my goal and was uncertain how to handle the https side. Using only one make things much easier. 
&nbsp;  
&nbsp; Thanks, 
&nbsp; -DarkSide

darksideoftheq_ · Answer

Ok, as I mentioned this is working, but now they've come back and asked me to do something that should be handled at the app layer. They have a web console that is used to change parameters of the app server. Rather than putting a password on it like they should, they want me to drop any requests attempting to access it. I tried using the 'else' and 'elseif' statements, but they seemed to drop everything. Where have I fallen off the tracks on this???

when HTTP_REQUEST {  
 if { ([HTTP::host] equals "test.domain.com") and [HTTP::uri] equals "/" } {  
 HTTP::redirect https://test.domain.com/app/login.do 
 } elseif { ([HTTP::uri] contains "appconsole" or "qaconsole") } { 
 reject } 
 }

I also tried this with no success???

when HTTP_REQUEST {  
    if { ([HTTP::host] equals "test.domain.com") and [HTTP::uri] equals "/" } {  
         HTTP::redirect https://test.domain.com/app/login.do 
         } else { 
          reject } 
 }

TIA 
 -DarkSide

lmwf1_55268 · Answer

It looks like because it never get to the elseif line, 
&nbsp; it does the redirect on the first couple lines. 
&nbsp;  
&nbsp; Tweak your uri equals line or change the order or logic. &nbsp;

Forum Discussion

HTTPS rewrite???

Recent Discussions

Statistics ›› Analytics : HTTP : Overview

VS FORWARDING & ROUTE

Can F5 be in Bridge Mode or a L2 DDOS to protect from L3-L4 DDOS attack

How to export a list of paired external service providers from APM?

Service discovery is not happening in AS3

Related Content

Rewrite http:// to https:// in response content

HTTPS offload rewriting

Rewrite HTTP Redirect Hostname

Rewriting Redirects

HTTP to HTTPS Redirect Rewrite plus port change

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS