Forum Discussion
NimbostratusHTTPS to HTTP irule - yes it's backwards
Trying to create a HTTPS to HTTP redirect irule to force incoming S connections to use the http vip. I just tried to copy the built-in HTTPS>HTTP irule, but it did not like that. Any suggestions?
Thanks
5 Replies
- Kevin_Stewart
Employee
How does it fail?
when HTTP_REQUEST { HTTP::redirect "http://[HTTP::host][HTTP::uri]" }Do you have a client SSL profile applied to the VIP?
JNI admit I was reliant on the sharepoint resource to tell me if it was working or not. They simply said it wasn't directing to the page. No SSL profiles.
- Kevin_Stewart
If you have a VIP listening on HTTPS/port 443, you need an HTTP profile and client SSL profile in order to use this iRule.
ArieAltostratus
What's the rationale for redirecting from HTTPS to HTTP? If it's merely to satisfy a back-end requirement you might be able to host the instance by terminating HTTPS on the BIG-IP:
client <----HTTPS----> big-ip <----HTTP----> origin web servers- Kevin_Stewart
agree on the HTTP profile, not on the SSL profile since it's coming in unencrypted. Probably should have mentioned that also.
If a user types into the browser URL, the browser is going to attempt to do SSL. There's really no way around this. So in order to catch layer 7 HTTP requests on a VIP listening on port 443 for HTTPS requests, you need to be able to terminate the incoming SSL with a client SSL profile.
