Forum Discussion

Milan_4483's avatar
Milan_4483
Icon for Nimbostratus rankNimbostratus
Mar 16, 2011

irule: http to https for a specific host

Hello,

 

 

I have the following issue and need a way to redirect a specific host.

 

 

 

Issue: User types https://www.xyz.com/abc in the browser, request hits F5 which decrypts and forward it the server pool. When servers receive the request its in the form of http://www.xyz.com/abc and they respond with a redirect to http://www.xyz.com/def. Since only https is open on www.xyz.com the connection is terminated.

 

 

 

What i need is a i rule that converts that outbound http://www.xyz.com/def to https://www.xyz.com/def. Also it should not covert any other domains besides www.xyz.com. This is one of the reasons why redirect rewrite option did not work for us.

 

 

 

Please advise.

 

 

 

Thank You,

 

  • I have the following rule but it does not interpret $host variable

     

     

    when HTTP_RESPONSE {

     

    set host [string tolower [HTTP::host]]

     

     

    Check if server response is a redirect

     

    if { [HTTP::status] == "302"} {

     

     

    Check if path in Location header set to lower case contains /uri1 or /uri2

     

    switch -glob [string tolower [URI::host [HTTP::header value Location]]] {

     

    $host

     

    {

     

    Do the update, replacing http:// with https://

     

    HTTP::header replace Location [string map -nocase "http:// https://" [HTTP::header value Location]]

     

    }

     

    }

     

    }

     

    }

     

     

     

     

    If i hardcode the $host variable in the switch statement, it works. Not able to figure out why.
  • You can capture the protocol in the HTTP::header on the Response and change it.

    Try this and let me know if it works for you.

    
    when HTTP_RESPONSE {
    if { [ HTTP::is_redirect]  and [URI::protocol [HTTP::header "Location" ]] eq "http" } {
    set path [findstr [HTTP::header "Location" ] "//" 2  ]
    HTTP::header replace "Location" "https://$path"
    }
    }
    
  • Hi Milan,

     

     

    HTTP::host doesn't work in HTTP_RESPONSE. You can save the value in HTTP_REQUEST and then reference the variable. As Michael showed, it would be good to use HTTP::is_redirect to look for all redirect status codes instead of just 302's.

     

     

    Aaron
  • Posted By Michael Yates on 03/17/2011 09:07 AM

    You can capture the protocol in the HTTP::header on the Response and change it.

    Try this and let me know if it works for you.

     when HTTP_RESPONSE { if { [ HTTP::is_redirect] and [URI::protocol [HTTP::header "Location" ]] eq "http" } { set path [findstr [HTTP::header "Location" ] "//" 2 ] HTTP::header replace "Location" "https://$path" } } 

    I really needed this and it works like a charm!

    I like to fix such things on the F5, instead of educating application developpers. 😉