Forum Discussion
thunderbird_920
Nimbostratus
Jun 29, 2012
IRule http redirect https
I need help here. When I access the pool member IP from a web browser directly, I can see the page (https://poolmemberIP).
When I apply the iRule as shown below to redirect http to https from the virtual server and try to access the page (), it did not show up.
when HTTP_REQUEST {
HTTP::redirect ]
}
From the command terminal, I ran b conn all show. Below is the result.
clientIP:ariliamulti <-> virtualserverIP:http <-> any6 tcp 1/0
clientIP:rdc-wh-eos <-> virtualserverIP:https <-> any6 tcp 1/1
I did the test by creating another virtual server with service port https and access it with https://virtual serverIP, the page did not show up as well.
Is the iRule working properly? How do I troubleshoot from here?
Thank you for prompt reply.
12 Replies
- nitass
Employee
can you post https virtual server and pool configuration?
b virtual (https virtual server name) list
b pool (pool name) list
- thunderbird_920
Nimbostratus
Hi,
Please refer to the configuration below:
[admin@KL-TP-F5-LTM1:Active] ~ b virtual Admin_LB
VIRTUAL ADDRESS 172.55.128.88 UNIT 1
| ARP enable
| (cur, max, limit, tot) = (0, 18, 0, 66)
| (pkts,bits) in = (373, 325992), out = (249, 127232)
+-> VIRTUAL Admin_LB SERVICE http
| PVA acceleration none
| (cur, max, limit, tot) = (0, 8, 0, 35)
| (pkts,bits) in = (213, 256856), out = (118, 83200)
| requests (total) = 3
+-> RULE http_to_https_redirect
+-> HTTP_REQUEST 21 total 0 fail 0 abort
+-> POOL admin LB METHOD round robin MIN/CUR ACTIVE MEMBERS 0/2
| (cur, max, limit, tot) = (0, 2, 0, 2)
| (pkts,bits) in = (12, 19560), out = (8, 11728)
+-> POOL MEMBER admin/172.55.128.28:http active,up
| | session enabled priority 0 ratio 1
| | (cur, max, limit, tot) = (0, 1, 0, 1)
| | (pkts,bits) in = (5, 6936), out = (3, 4048)
| | requests (total) = 1
+-> POOL MEMBER admin/172.55.128.29:http active,up
| session enabled priority 0 ratio 1
| (cur, max, limit, tot) = (0, 1, 0, 1)
| (pkts,bits) in = (7, 12624), out = (5, 7680)
| requests (total) = 2
[admin@KL-TP-F5-LTM1:Active] ~ b pool admin list
pool admin {
monitor all gateway_icmp
members {
172.55.128.28:http {}
172.55.128.29:http {
monitor gateway_icmp
}
}
}
- nitass
Employee
e.g.
[root@ve1024:Active] config b virtual bar80 list
virtual bar80 {
destination 172.28.19.79:80
ip protocol 6
rules myrule
profiles {
http {}
tcp {}
}
}
[root@ve1024:Active] config b rule myrule list
rule myrule {
when HTTP_REQUEST {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
}
[root@ve1024:Active] config b virtual bar443 list
virtual bar443 {
snat automap
pool foo
destination 172.28.19.79:443
ip protocol 6
profiles {
clientssl {
clientside
}
tcp {}
}
}
[root@ve1024:Active] config b pool foo list
pool foo {
members 200.200.200.101:80 {}
}
[root@ve1024:Active] config curl -ILk http://172.28.19.79
HTTP/1.0 302 Found
Location: https://172.28.19.79/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

HTTP/1.1 200 OK
Date: Fri, 29 Jun 2012 09:30:18 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8
- thunderbird_920
Nimbostratus
Hi,
[admin@KL-TP-F5-LTM1:Active] ~ b virtual Admin_LB list
virtual Admin_LB {
snat automap
pool admin
destination 172.55.128.88:http
ip protocol tcp
rules http_to_https_redirect
persist source_addr
profiles {
http {}
tcp_admin {}
}
}
[admin@KL-TP-F5-LTM1:Active] ~ b pool admin list
pool admin {
monitor all gateway_icmp
members {
172.55.128.28:http {}
172.55.128.29:http {
monitor gateway_icmp
}
}
}
- nitass
Employee
can you try to create https virtual server similar to this?
virtual Admin_LB_https {
snat automap
pool admin
destination 172.55.128.88:https
ip protocol tcp
persist source_addr
profiles {
http {}
clientssl {
clientside
}
tcp_admin {}
}
}
- i might be overlooking it, but nowhere i see the https virtual server you are redirecting to, the one you show is http i believe.
perhaps this is what nitass is pointing out also.
- santosh_81454
Nimbostratus
Hi thunderbird,
I see the following two problems with the config.
Firstly change the irule to include ". see below:
when HTTP_REQUEST {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
Secondly, when you are accessing the server directly you are using the HTTPS protocol. So, create a new pool with pool members configured on 443 service.
Also, as Nitass suggested create a new HTTPS VS and add the new pool as its pool member. Make sure to use Client and Server side certificates if you are performing SSL termination on the F5.
Also, as nitass stated above make sure, you create a virtual server which listens on port 443 and has a certificate assigned to it.
- thunderbird_920
Nimbostratus
Hi All,
I did try to create https virtual server and assign pool members with port 443. It didn't work as well.
Based on the requirement, I need to redirect http to https from the virtual server. Can I assume that I need to configure the virtual server with port 443 (https), and pool members with port 80 (http)? Is there a certificate that needs to be assigned to it?
When I ping the hostname, f5adminhostname.com, it responds with the virtual server IP.
- nitass
Employee
just a quick clarification.
you should have 2 virtual servers. one is listening on port 80 and has redirection irule.
the other virtual server is listening on port 443. if you use pool member which is on port 443, just use tcp profile i.e. no clientssl, serverssl and http profiles. however, if pool member is on port 80, you have to assign clientssl profile to the virtual server. for testing, default clientssl profile would be fine.
- nitass
Employee
I have done what you mention. The result was still the same.
can you post your configuration here?
b virtual (http virtual server name) list
b pool (http virtual's pool name) list
b virtual (https virtual server name) list
b pool (https virtual's pool name) list
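The two-virtual-server layout the replies describe can be checked mechanically from `b ... list` output. The following is an added example, not part of the original thread or F5's tooling: `parse_blocks` and `check_redirect_setup` are hypothetical helpers, and the sample configuration is constructed from the listings above, with the rule body assumed to be the quoted form shown in the replies.

```python
import re
PORTS = {"http": "80", "https": "443"}  # bigpipe prints service names for well-known ports

def parse_blocks(text):
    """Map (kind, name) -> body for top-level virtual/pool/rule blocks."""
    blocks, end = {}, 0
    for m in re.finditer(r"^(virtual|pool|rule)\s+(\S+)\s*\{", text, re.M):
        if m.start() < end:
            continue  # match lies inside a block that was already consumed
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        blocks[(m.group(1), m.group(2))] = text[m.end():i - 1]
        end = i
    return blocks

def check_redirect_setup(text):
    """Return findings for an HTTP-to-HTTPS redirect configuration."""
    blocks, findings, listeners = parse_blocks(text), [], {}
    for (kind, name), body in blocks.items():
        dest = re.search(r"destination\s+(\S+):(\S+)", body) if kind == "virtual" else None
        if dest:
            listeners[(dest.group(1), PORTS.get(dest.group(2), dest.group(2)))] = (name, body)
    for (ip, port), (name, body) in listeners.items():
        rule = re.search(r"rules\s+(\S+)", body)
        rule_body = blocks.get(("rule", rule.group(1)), "") if rule else ""
        if port == "80" and "HTTP::redirect" in rule_body and (ip, "443") not in listeners:
            findings.append(f"{name}: redirects to https but nothing listens on {ip}:443")
        if port == "443":
            pool = re.search(r"pool\s+(\S+)", body)
            members = blocks.get(("pool", pool.group(1)), "") if pool else ""
            mports = {PORTS.get(p, p) for p in re.findall(r"\d+\.\d+\.\d+\.\d+:(\w+)", members)}
            if "80" in mports and not re.search(r"\bclientssl\b", body):
                findings.append(f"{name}: port-80 members need a clientssl profile")
    return findings

# Constructed sample: the thread's HTTP-only setup, then the same with an HTTPS virtual added.
BROKEN = """
virtual Admin_LB { pool admin destination 172.55.128.88:http
  rules http_to_https_redirect profiles { http {} tcp_admin {} } }
rule http_to_https_redirect { when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }
pool admin { members { 172.55.128.28:http {} 172.55.128.29:http {} } }"""
FIXED = BROKEN + """
virtual Admin_LB_https { pool admin destination 172.55.128.88:https
  profiles { http {} clientssl { clientside } tcp_admin {} } }"""
for label, cfg in (("http only", BROKEN), ("with https virtual", FIXED)):
    print(label, "->", check_redirect_setup(cfg) or "ok")
```
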