Forum Discussion
iRule Maintenance Page for HTTPS VIP
We a virtual server configured for both port HTTP and HTTPS, we need to setup an iRule for maintenance page if either VIP is down it will redirect to a maintenance page for both HTTP and HTTPS, we have setup iRule_maintenance for HTTP VIP and it is working, but for HTTPS it is not working. SSL certificate is installed in both F5 LTM and back end servers. There is no option inside iRule to enter https word in iRule creation. Please help us.
Thanks in Advance.
- Srini_87152Cirrostratus
hi,
for https vip,did you configure client and server ssl with http profile?
Thx Srini
- Sujeet_Singh_34Nimbostratus
Yes, for port 443 VIP, we have client SSL profile as well as ServerSSL profile.
- Hannes_Rapp_162Nacreous
If a Virtual Server is unavailable, client will receive TCP/RST. They are client-side listeners and you cannot serve any maintenance page content or even a basic HTTP redirect response if the network socket itself doesn't open. You must refer to status of a pool/pools/a pool member
Please paste output of your full Virtual Server configs
tmsh list ltm virtual vs-http-name tmsh list ltm virtual vs-https-name
And your maintenance iRule currently in use
Regards,
- Sujeet_Singh_34Nimbostratus
==>Please find the output of the command you requested, just for the info, we have not mapped iRule for port 443 VIP, as it was not working, but after adding iRule for port 80, and we tested it was redirecting when we disable pool members for port 80 VIP. And we also have installed SSL certificate for port 443 VIP, and enabled both BIG IP side as well as backend servers side, I mean Client SSL profile and Server SSL profile enabled.
And finally thank you very much for your help
==>tmsh list ltm virtual abc_com_443 ltm virtual abc_com_443 { destination 10.35.20.7:https ip-protocol tcp mask 255.255.255.255 persist { source_addr { default yes } } pool abc_net_443 profiles { tcp { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 119 }
==>tmsh list ltm virtual abc_com_80 ltm virtual abc_com_80 { destination 10.35.20.7:http ip-protocol tcp mask 255.255.255.255 persist { source_addr { default yes } } pool abc_net_80 profiles { http { } tcp { } } rules { myabc.com_80-maintenance } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 118 }
==> iRule
myabc.com_80-maintenance
when HTTP_REQUEST {
If the myabc.com_80 is down, redirect to the maintenance page if { [active_members abc_net_80] < 1 } { HTTP::redirect "; return }
}
=>myabc.com_443-maintenance when HTTP_REQUEST {
If the myabc.com_443 is down, redirect to the maintenance page if { [active_members abc_net_443] < 1 } { HTTP::redirect "; return }
}
- Hannes_RappNimbostratus
If a Virtual Server is unavailable, client will receive TCP/RST. They are client-side listeners and you cannot serve any maintenance page content or even a basic HTTP redirect response if the network socket itself doesn't open. You must refer to status of a pool/pools/a pool member
Please paste output of your full Virtual Server configs
tmsh list ltm virtual vs-http-name tmsh list ltm virtual vs-https-name
And your maintenance iRule currently in use
Regards,
- Sujeet_Singh_34Nimbostratus
==>Please find the output of the command you requested, just for the info, we have not mapped iRule for port 443 VIP, as it was not working, but after adding iRule for port 80, and we tested it was redirecting when we disable pool members for port 80 VIP. And we also have installed SSL certificate for port 443 VIP, and enabled both BIG IP side as well as backend servers side, I mean Client SSL profile and Server SSL profile enabled.
And finally thank you very much for your help
==>tmsh list ltm virtual abc_com_443 ltm virtual abc_com_443 { destination 10.35.20.7:https ip-protocol tcp mask 255.255.255.255 persist { source_addr { default yes } } pool abc_net_443 profiles { tcp { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 119 }
==>tmsh list ltm virtual abc_com_80 ltm virtual abc_com_80 { destination 10.35.20.7:http ip-protocol tcp mask 255.255.255.255 persist { source_addr { default yes } } pool abc_net_80 profiles { http { } tcp { } } rules { myabc.com_80-maintenance } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 118 }
==> iRule
myabc.com_80-maintenance
when HTTP_REQUEST {
If the myabc.com_80 is down, redirect to the maintenance page if { [active_members abc_net_80] < 1 } { HTTP::redirect "; return }
}
=>myabc.com_443-maintenance when HTTP_REQUEST {
If the myabc.com_443 is down, redirect to the maintenance page if { [active_members abc_net_443] < 1 } { HTTP::redirect "; return }
}
- AhmedGalal219_3Nimbostratus
http condition in irule is for both http & https ... is the maintenance page use same SSL server cert ... what i think that maintenance page is http page that why its working perfectly in http traffic ,, can you please post irule that you are appling in https vip
The configuration clearly shows you have no SSL profile attached to the 443 virtual server. If the traffic cannot be decrypted then the F5 cannot send the redirect. You will also need a HTTP profile as the HTTP_REQUEST event will not trigger without it.
==>tmsh list ltm virtual abc_com_443 ltm virtual abc_com_443 { destination 10.35.20.7:https ip-protocol tcp mask 255.255.255.255 persist { source_addr { default yes } } pool abc_net_443 profiles { <<<--- no http and ssl profiles tcp { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 119 }
If you look in the GUI you will see they are not configured.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com