For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

solaikumar_1217's avatar
solaikumar_1217
Icon for Nimbostratus rankNimbostratus
Jan 12, 2016

HTTPS to HTTPS redirection using iRules

Dear All, I have got one new requirement in LTM to forward the HTTPS/HTTP request to instead of or http://your-domain.com/. Have written iRule as follows .For HTTP request everything works fine...
application delivery
iRules
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 12, 2016

Hi Solaikumar,

yes you would need Layer7 inspection for HTTPS-Traffic to parse the request headers and to perform the required redirects.

Furthermore a 

[HTTP::uri]
does only contain the 
[HTTP::path]
& 
[HTTP::query]
part of the web request, but not the protocol used nor the host-header of the site. But based on your functional requirements it wouldn't be required to differentiate on those informations, since both protocols would require the same action.

Scenario 1: Seperate iRule for HTTP and HTTPS Virtual Server

iRule used for HTTP-only VS:

when HTTP_REQUEST {
    HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" 
}

iRule used for HTTPS-only VS:

when HTTP_REQUEST {
    if { [HTTP::uri] equals "/") } {
        HTTP::redirect https://your-domain.com/xyz/
    } else {
         Forward the Request
    }
}

Scenario2: Combined iRule used for HTTP and HTTPS Virtual Server

when HTTP_REQUEST {

    if { [PROFILE::exists clientssl] } then {
        if { [HTTP::uri] equals "/") } {
            HTTP::redirect https://your-domain.com/xyz/
        } else {
             Forward the Request
        }
    } else {
        HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" 
    }
}

Note: Scenario 1 has a slightly better performance compared to Scenario2

Cheers, Kai