Forum Discussion

DoubleJz's avatar
DoubleJz
Icon for Nimbostratus rankNimbostratus
Oct 24, 2023

iRule or LTM Policy to pre-fix desired www. sites

I have an issue where if I browse to https://abc.com the page will not load ( connection timed out) but https://www.abc.com will load as desired. Therefore, I believe I need to somehow modify the fo...
application delivery
Niels_van_Sluis's avatar
Niels_van_Sluis
Icon for MVP rankMVP
Oct 24, 2023

Okay, then it seems abc.com and www.abc.com are different sites and abc.com isn't configured to handel HTTPS traffic. In that case you are probably better of using two datagroups. One datagroup that lists all allowed hostnames and another that contains hostnames that should be excluded from having put www. to it. Then let the iRule decide if it's allowed and/or it's needs to be modified with the start of www.

  • DoubleJz's avatar
    DoubleJz
    Icon for Nimbostratus rankNimbostratus
    Oct 24, 2023

    Understood. I created a new datagroup Datagroup_exclude and placed the subdomain sites in it. I guess I went full circle back to my original question now though. How would you go about checking to see if it needs to be modified with www and exlude those in the new datagroup?

    • Niels_van_Sluis's avatar
      Niels_van_Sluis
      Icon for MVP rankMVP
      Oct 25, 2023

      What about this solution? Use the same Datagroup1, and define the allowed hosts as 'strict' if they shouldn't be modified by the iRule. In the example below 'nielske.nl' isn't allowed to be modified.

      And use Datagroup1 with the following iRule.

      when HTTP_REQUEST {
  if { [class match [HTTP::host] equals Datagroup1] } {
    if { !([HTTP::host] starts_with "www.") && !([class lookup [HTTP::host] Datagroup1] equals "strict") } {
      log local0. "[HTTP::host] doesn't starts_with www. and isn't defined as strict; redirect allowed"
      HTTP::redirect "https://www.[HTTP::host][HTTP::uri]"
    }
  } else {
  HTTP::respond 403
  }
}
      • DoubleJz's avatar
        DoubleJz
        Icon for Nimbostratus rankNimbostratus
        Oct 25, 2023

        I like that and thats similar to what I was trying to come up with prior posting on here. Also to be clear, the inner if statement doesn't need an else. It if doesn't match any constraints it will just leave that inner if statement and continue on in the outter if statement, right?

        when HTTP_REQUEST {
  if { [class match [HTTP::host] equals Datagroup1] } {
    if { !([HTTP::host] starts_with "www.") && !([class lookup [HTTP::host] Datagroup1] equals "strict") } {
      HTTP::redirect "https://www.[HTTP::host][HTTP::uri]"
    }
    pool prod_sites
  } else {
  HTTP::respond 403
  }
}
    • Paulius's avatar
      Paulius
      Icon for MVP rankMVP
      Oct 24, 2023

      DoubleJz Can you provide a few examples of ones that would need to be excluded and which ones wouldn't? Also, if https://abc.com/ doesn't work but https://www.abc.com/ does work most likely all paths associated to just "abc.com" will not work because the root doesn't work. You really should look into where "abc.com" and "www.abc.com" point to and what host they are listening for in your web server configuration.