Forum Discussion

Jon_Singh's avatar
Jon_Singh
Icon for Altostratus rankAltostratus
Jan 23, 2014

irule http to https redirect with a little nuance

Hi Everyone,

I was hoping for a hand, I'm working on a irule that says: if you reach http://sysdev redirect to https://sysdev.x.com/login.aspx

otherwise, if someone has a bookmark to http://sysdev/form1.aspx redirect to https://sysdev.x.com/form1.aspx

So this is what I have:

when HTTP_REQUEST {
   if { [HTTP::uri] == "/" } {
      HTTP::redirect https://sysdev.x.com/login.aspx 
   }
    else {
        HTTP::redirect https://sysdev.x.com[HTTP::uri]
    }
}

Would this work? I cant find much documentation on 'else' only on 'elseif' - any help would be appreciated.

application delivery
availability
BIG-IP Access Policy Manager (APM)
devops
ihealth
iRules
management
security
  • afedden_1985's avatar
    afedden_1985
    Icon for Cirrus rankCirrus
    Jan 23, 2014

    if you want to redirect all HTTP to HTTPs for the VIP you could do this, it preserves the host and URI and tells them to come back using HTTPS.

     

    when HTTP_REQUEST { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" }

     

    OR

     

    if you only needed to enforce specific URIs for a VIP to enforce HTTPS this works. This rule is applied to the HTTP VIP only and inspects the URI and looks into the external data group called SSLREQUIRED if a match is found a redirect is sent to the client, non matching URIs get passed as HTTP.

     

    when HTTP_REQUEST { set uri_status [class match [string toupper [HTTP::uri]] starts_with SSLREQUIRED] if { $uri_status ne "0" } { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } }

     

    • Jon_Singh's avatar
      Jon_Singh
      Icon for Altostratus rankAltostratus
      Jan 23, 2014
      I believe that the top solution would work for one part of the solution, the only issue I have is this: we have users that have bookmarked something like this: http://sysdev, this currently automatically redirects to http://sysdev.x.com/login.aspx we want it now to redirect to httpS://sysdev.x.com/login.aspx so I figured merging the two directives into one 1 irule would make sense hence why i thought of the original idea, would there be an easy way to merge the login redirect with your first solution?
  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus
    Jan 23, 2014

    Jon,

     

    1. You mentioned the host "sysdev" in the phrase about the bookmark. Did you mean "sysdev" or "sysdev.x.com"?
    2. Keep in mind that "/" can usually also be accessed as "/default.aspx". You'll want to plan for both.
    3. The Big-IP can be a great tool for forcing people to certain destinations, but in this case I'm wondering if the best solution wouldn't be to configure the log-in in the web.config file.