Forum Discussion
Check1t_282465
Nimbostratus
Nimbostratusirule for https 2 http for specific IP
Any suggestions for an irule (or policy) that would force all http traffic to https except for a specific IP which would be allowed to access http?
Thanks.
Create your own policy or iRule, it is very easy. We can have a look what wrong with that if it is not working. You can use data group for conditional redirect. Next links can help you with that
 
https://support.f5.com/csp/article/K26312346
 
https://support.f5.com/csp/article/K14996 
https://clouddocs.f5.com/api/irules/http__redirect.html 
https://devcentral.f5.com/s/articles/irules-101-02-if-and-expressions 
https://devcentral.f5.com/s/articles/the101-irules-101-datagroups-amp-tables 
Creating LTM policy via GUI is intuitive. You can create LTM policy instead of iRule
 
Check1t_282465Thanks for the response. I'm afraid that we have different definitions of what constitutes 'very easy' :-). Anyway, for release 12.1.2, already have an irule in place that redirects any http traffic to https similar to first link. Looks like this when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } definition-signature SIGNATURENAME...
Want to keep this general rule but add an exception that 2 specific IP can continue to access over http. I tried by modifying existing rule and adding another condition on top: when HTTP_REQUEST { if { ([IP::addr [IP::client_addr] equals 10.x.x.01) || ([IP::addr [IP::client_addr] equals 10.x.x.05) } { HTTP::redirect "http://[HTTP::host][HTTP::uri]" } elsewhen HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } definition-signature SIGNATURENAME... } } But it hated that.
Lee_SutcliffeNacreous
Try this
when HTTP_REQUEST { if {!([IP::client_addr] equals "10.10.10.10")} { HTTP::redirect https://[HTTP::host][HTTP::uri] } }