Forum Discussion
irule to redirect https and ports
I have http redirect to https working fine. It is working fine and dandy as expected but the problem is that the users have to specify ports since the http is not default port. For instance, http://10.10.10.10:8989 would redirect to https://10.10.10.10:8989 working fine
The virtual server is listening to service port 8989 and the node is listening on port 8989. I want to change the virtual server to listen to default http port 80 which will forward to the node.
I need help with an iRule so that when users type only http://10.10.10.10 or a URL without a port in their browsers, it redirects to https://10.10.10.10 on port 8989.
Thanks for your help.
11 Replies
- What_Lies_Bene1
Cirrostratus
Sorry, it's not entirely clear, you want a port 80 VS to redirect to HTTPS on 8989? Why not HTTPS on 443? The port translation to 8989 on the real servers is automatic.
- Elias_O_16228
Nimbostratus
Hi Steve,
Sorry that it was not clear. I currently have irule for http redirect to https port 443 which is working fine. The VS service port is 8989, users have to type http://10.10.10.10:8989. Users are complaining that they don't want to be specifying the port. They want to http://10.10.10.10 without specifying the port and still redirect to https 443. I am not sure if this is possible. I have changed the VS service to port 80 it did not work. I believe there is something else I need in order to translate the port 80 to 8989. The port translation and address translation are enabled. SNAT is none.
Note: The NODE is only listening on port 8989. Traffic between LTM and server is clear text no encryption. No SSL cert on the server.
I hope this clears
- What_Lies_Bene1
Cirrostratus
A little bit. Is the F5 terminating the SSL? If so, I see no issue with this scenario and as I said the port translation is automatic;
Client --> VS:80 --> iRule redirecting to HTTPS (on 443)
Client --> VS:443 - SSL terminated --> Pool Member:8989
- Jnon
Nimbostratus
Your virtual is usually going to be 80 and/or 443. Let the LTM route to the pool member at its port, whatever it may be.
I would only have a virtual at a higher port if it was used for an application or other server connection to get to.
- Elias_O_16228
Nimbostratus
F5 is terminating SSL. No encryption between F5 and Server
Client --> VS:8989 --> iRule redirecting to HTTPS (on 443) (This is working)
Client --> VS:443 - SSL terminated --> Pool Member:8989 (This is working)
This is what I need:
Client --> VS:80 --> iRule redirecting to HTTPS (on 443) SSL terminated --> Pool Member:8989 (This is not working)
- What_Lies_Bene1
Cirrostratus
OK, thanks. Do you get any kind of error? Can you post the redirect iRule code?
- Elias_O_16228
Nimbostratus
If VS service port is 80 http, the redirect won't work. If it's 8989 other the redirect works.
Below is the redirect irule:
when HTTP_REQUEST {
    # Check if the client used an SSL cipher
    if {not ([catch {SSL::cipher version} result]) && [string tolower $result] ne "none"}{
        # Client did use a cipher
        log local0. "\$result: $result. Allowing encrypted request."
    } else {
        # Client did not use a cipher
        log local0. "\$result: $result. Redirecting unencrypted request. [HTTP::host][HTTP::uri]"
        HTTP::respond 302 Location "https://[HTTP::host][HTTP::uri]"
    }
}
- What_Lies_Bene1
Cirrostratus
Is there a HTTP profile assigned to the VS? And/or a SSL profile?
Where is $result set?
- Elias_O_16228
Nimbostratus
There is http profile and clientssl profile. Server ssl profile is none
I don't understand what you mean by "where is $result set". Do I need to include $Result Set" and where will that be in the irule?
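Added example, not part of any post in this thread: a redirect iRule for the port-80 virtual server in the two-virtual-server layout What_Lies_Bene1 sketches above (VS:80 redirects, VS:443 terminates SSL and sends to the pool member on 8989). It assumes the port-80 virtual server has an HTTP profile and no client SSL profile, and because the Host header is client-controlled it only reflects a conservatively formatted host name into the Location header.

```tcl
# Added example, not the poster's iRule.
# Assumptions: attached only to the port-80 virtual server, which has an
# HTTP profile and no client SSL profile; HTTPS is served by a separate
# virtual server on 443 whose pool member listens on 8989.
when HTTP_REQUEST {
    # Host header as sent by the client; it may carry an explicit ":port".
    set host [string tolower [HTTP::host]]

    # Drop any port so "10.10.10.10:8989" becomes "10.10.10.10" and the
    # redirect lands on the default HTTPS port.
    # Note: splitting on ":" does not handle bracketed IPv6 literals.
    set host [getfield $host ":" 1]

    # The Host header is client-controlled. Reflect it only if it looks
    # like a plain host name or IPv4 address; otherwise (or if it is
    # missing, as with some HTTP/1.0 clients) use this virtual server's
    # own address.
    if { ![regexp {^[a-z0-9.-]+$} $host] } {
        set host [IP::local_addr]
    }

    log local0. "Redirecting unencrypted request to https://${host}[HTTP::uri]"
    HTTP::respond 302 Location "https://${host}[HTTP::uri]"
}
```

With this layout the SSL::cipher check is not needed on the port-80 virtual server, since every request arriving there is unencrypted.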