Forum Discussion
Fletcher_Cocquy
Nimbostratus
Jan 20, 2010
iRule to tack on full domain
Fellow BigIP users,
we are looking for an iRule to rewrite unqualified domain requests to the FQDN.
This is coming from our security folks who would like the HTTPS requests to all be ful...
hoolio
Cirrostratus
Jan 21, 2010
Which LTM version are you running? You could create a string type datagroup with the UQDNs and FQDNs on a line together. For v9.x, you can use the findclass command (Click here). For v10.x, you could use the new class command (Click here) or findclass to parse the datagroup and look up the requested hostname and get the corresponding FQDN.
Here is an example using a datagroup and the findclass command:
# Datagroup (aka class in the bigip.conf)
# Make sure to use lower case for the entries
class uqdn_to_fqdn_mapping {
   "host1 host1.example.com"
   "host2 host2.sub.example.com"
   "host3 host3.another.example.com"
}

when HTTP_REQUEST {

   # Comment out or remove the logging once done testing
   log local0. "[IP::client_addr]:[TCP::client_port]: New [HTTP::method] request to [HTTP::host][HTTP::uri]"

   # Check if requested host header does not contain at least one period
   # This will also avoid trying to redirect requests to IP addresses
   if { not ([HTTP::host] contains ".") } {

      log local0. "[IP::client_addr]:[TCP::client_port]: Host did not contain a period."

      # Look up the requested host in the datagroup
      # The " " separator makes findclass return only the part of the entry after the space (the FQDN)
      set fqdn [findclass [string tolower [HTTP::host]] $::uqdn_to_fqdn_mapping " "]
      log local0. "[IP::client_addr]:[TCP::client_port]: Match? $fqdn"

      # If there was a match, send a 301 redirect to the client, preserving the URI
      if { $fqdn ne "" } {
         log local0. "[IP::client_addr]:[TCP::client_port]: Redirecting client to https://$fqdn[HTTP::uri]"
         HTTP::respond 301 Location "https://$fqdn[HTTP::uri]"
      }
   }
}
Note, if you're on 9.4.4 or higher, remove the $:: from the name of the datagroup reference in the iRule (set fqdn [findclass [string tolower [HTTP::host]] uqdn_to_fqdn_mapping " "]).
Aaron
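An offline model of the redirect decision made by the iRule above, added here as an example and not part of the original post or of F5's code; it is written in Python rather than Tcl so the mapping can be exercised against sample Host headers before the rule is deployed. It goes slightly beyond the posted rule by stripping a :port suffix from the Host header, using an exact-match lookup, and appending only paths that start with /; the function names and sample requests are constructed for illustration.

```python
from typing import Optional

# Constructed mapping that mirrors the datagroup entries shown in the post.
UQDN_TO_FQDN = {
    "host1": "host1.example.com",
    "host2": "host2.sub.example.com",
    "host3": "host3.another.example.com",
}

def host_only(host_header: str) -> str:
    """Lower-case the Host header value and drop an optional :port suffix."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0]

def redirect_target(host_header: str, uri: str) -> Optional[str]:
    """Return the Location value for a 301, or None to let the request through."""
    host = host_only(host_header)
    if "." in host:                          # already qualified, or an IPv4 address
        return None
    fqdn = UQDN_TO_FQDN.get(host)            # exact match; unknown names are never redirected
    if fqdn is None:
        return None
    # Assumption added here: append only origin-form paths, so the Location
    # always points at the mapped FQDN.
    path = uri if uri.startswith("/") else "/"
    return f"https://{fqdn}{path}"

# Constructed sample requests: (Host header value, request URI).
SAMPLES = [
    ("host1", "/app/login?next=%2Fhome"),
    ("HOST2:443", "/"),
    ("host1.example.com", "/app"),
    ("10.0.0.5", "/"),
    ("unknown", "/"),
    ("host3", "*"),
]

def evaluate(samples=SAMPLES):
    """Map each sample Host header to the redirect decision."""
    return {host: redirect_target(host, uri) for host, uri in samples}

if __name__ == "__main__":
    for host, location in evaluate().items():
        print(f"{host!r:22} -> {location}")
```

Because the redirect host always comes from the mapping and never from the request, a client-supplied Host value can only select one of the listed FQDNs or be passed through unchanged.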