Forum Discussion
MeAndMyBIGIP_60
Nimbostratus
NimbostratusHTTP::URI redirect to another Pool
Trying to use the sample code here (http://devcentral.f5.com/wiki/default.aspx/iRules/HTTP__uri.html) to do something that should be very simple:
when HTTP_REQUEST {
if { [HTTP::uri] ends_with "content1" } {
pool content_pool_1
} elseif { [HTTP::uri] starts_with "/abc" } {
pool abc_servers
}
}
for users browsing to www.website.com/content1 >> they go to the content_pool_1 servers, everything else goes to content_pool_2 servers
But after I enable the rule, I keep getting 404 errors in server in content_pool_2.
The Virtual Server currently points to content_pool_2... how do I/do I need to somehow point the Virtual Server to both content_pool_1 and content_pool_2?
Right now, content_pool_1 isn't assigned to a Virtual Server... does it need to be?
Doesn't seem like this should be so difficult...
47 Replies
r_dynamo_79563Not sure what you mean. Can you elaborate?
r_dynamo
What_Lies_Bene1Cirrostratus
No worries. So you only want to redirect when a client enters just 'www.suppose.com'? If they enter anything else, say 'www.suppose.com/test', you don't want to redirect?- r_dynamo_79563Yes, that's correct, I need the redirect/rewrite when the user enters "http:suppose.com" to "https://suppose.com/psp/rewrite/redirect". I also need help with the overall build, because the Servers handling the load balancing requests for this new redirect/rewrite are on port 9000, and are also handling SSL handshakes, meanwhile I also have SSL offloading occuring from the F5, which is of course a design flaw; since the Servers are expecting encrypted packets from the F5, while they are only recieving decrypted packets. But I also need SSL termination from the F5 to do cookie insertion based load balancing.
In precedence, I have a V.S on port 80, which is doing a http to https redirect from it's iRule, which is followed by another V.S on port 443, which is doing a rewrite to '/psp/rewrite/redirect.' Meanwhile the default pool for this V.S (443) has pool members listening on port 9000.
I'm successfully hitting the login page at "https://suppose.com/psp/rewrite/redirect" from "http://suppose.com", but I'm not able to sucessfully login to the environment. However, upon bypassing the F5, and accessing the Servers directly, I can get in the environment with same user-credentials.
Please advise on how I should proceed with the build, and the necessary iRules I would need to configure.
Thanks,
r_dynamo
r_dynamo - What_Lies_Bene1OK, the iRule would look like this, assuming the Virtual Server only gets traffic for one domain/host name;
when HTTP_REQUEST { if { [string tolower [HTTP::uri]] equals "/" } { HTTP::respond 301 Location "https://suppose.com/psp/rewrite/redirect" return } } - What_Lies_Bene1You could use this rule on the port 80 Virtual Server too to prevent two redirects.
- What_Lies_Bene1Have you assigned a HTTP and Cookie persistence profile to the port 443 Virtual Server - you need to. If you want to re-encrypt from the F5 to the server you can also do that using a Server SSL profile.
Exactly what happens when you attempt to log in? Have you checked the server logs for useful information? - r_dynamo_79563Suggested build with above iRule applied only to VS 80.
Yes I configured cookie persistence, and a Server SSL Profile to the 443 VS. However, with the Server SSL profile, I'm not able to hit the login page, and with the Server SSL removed, at least the login page appears. Upon entering login details, the Servers don't respond to any requests as per the message I receive from using Fiddler (HTTP debugging tool).
On bypassing the F5, and entering login credentials on individual Servers, there is no 'http to https' transfer, does that mean there are no SSL handshakes being handled by the Servers individually?
-------------------------------------------------------------------------
Current build with http to https redirect on vs 80, and "https://[HTTP::host][HTTP::uri]psp/redirect/rewrite" rewrite on VS 443 (along with cookie persistence), allows me to hit the login page.
Upon entering user credentials, it keeps on asking permissions at least 15 times to view environment on an unsecure connection, finally the environment appears in plain text. And upon applying Server SSL, I'm not able to reach the login page. The web-page in plain text only appears on Internet Explorer.
On Firefox, it is in a continuous loop. The loading ring, just rotates clockwise, then anti-clockwise continuously in semi-circles.
Thanks,
r_dynamo - What_Lies_Bene1If you get the login page without the ServerSSL profile then that would suggest the servers are not expecting SSL and you shouldn't be using a ServerSSL profile. That would also indicate that the servers are probably sending http:// links in their responses, hence the browser issues.
You can rewrite all the server responses and ensure they contain https:// by doing the following;
1) Assign the default Stream Profile to the Virtual Server
2) Assign this iRule to the Virtual Server (if can be combined with the other one no problem);when HTTP_REQUEST { STREAM::disable } when HTTP_RESPONSE { STREAM::expression {@http://@https://} STREAM::enable } - What_Lies_Bene1Sorry, that should be;
when HTTP_REQUEST { STREAM::disable } when HTTP_RESPONSE { STREAM::expression {@http://@https://@} STREAM::enable } - r_dynamo_79563Which one is the default stream profile, because I only see 2 iRules in your response or is it just one iRule? Since, I have two VS, which VS do I have to apply this to?
r_dynamo
