Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Julian_Grunnell's avatar
Julian_Grunnell
Icon for Nimbostratus rankNimbostratus
Apr 26, 2007

iRule for adding a Header

Hi - I have an LTM that does client side SSL for a secure website. The website behind the LTM is also available on port 80. Some of the pages must only be avaiable via HTTPS, but at present you can ge...
application delivery
dev
devops
irules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 26, 2007
Hello,

If the only logic you have to go on is a list of URIs that should only be accessible via HTTPS, you can add them to a datagroup (AKA class) and then use matchclass to see if the request should be redirected. The iRule wiki page for matchclass has some examples (Click here)

Note that the datagroup (class) is a separate object from the rule. I updated the wiki page with the following:

To redirect any request whose URI starts with any of the listed strings defined in the redirectURIs data group (class), first define the class (Local Traffic >> iRules >> Data Groups). This is how the object definition appears in the bigip.conf file:


class redirectURIs {
  /my/application/directory
  /another/appdir
  /yet/another
}

Now create a rule which references the class:


when HTTP_REQUEST {
  if { [matchclass [HTTP::uri] starts_with $::redirectURIs] } { 
     HTTP::redirect http://www.domain.com/unavailable.html
 }
}

If you want to only use an exact match against the strings in the class, replace "starts_with" in your rule with "equals".

Aaron