Forum Discussion

kalicut_48905's avatar
kalicut_48905
Icon for Nimbostratus rankNimbostratus
Feb 26, 2009

iRules HTTPS drop request

Hi,

 

We placed an iRule to redirect any traffic other than that comes to URI /PUBLIC/* to go thru HTTPS.

 

 

when HTTP_REQUEST {

 

if { not ([HTTP::uri] starts_with "/PUBLIC") } {

 

HTTP::redirect "https://[HTTP::host][HTTP::uri]"

 

}

 

}

 

 

Requests to anything other than /PUBLIC* are being forced thr HTTPS correctly. But the problem is, http requests to /PUBLIC/* are being dropped instead of being serviced normally.

 

 

Please let me know if there is anything that i'm missing here.

 

 

Thanks,

 

Ram
application delivery
dev
devops
iRules
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 26, 2009
    Hi Ram,

    Do you have this iRule added to the HTTP VIP? Do you have a default pool on the HTTP VIP?

    Can you add logging to the iRule: 

     
 when HTTP_REQUEST { 
  
    log local0. "[IP::client_addr]:[TCP::client_port]: New HTTP request to [HTTP::host][HTTP::uri]" 
  
     Check if requested path does not start with /PUBLIC 
    if { not ([HTTP::path] starts_with "/PUBLIC") } { 
  
       log local0. "[IP::client_addr]:[TCP::client_port]: Redirecting to https://[HTTP::host][HTTP::uri]" 
  
        Redirect non-public requests to the same host/URI but via https 
       HTTP::redirect "https://[HTTP::host][HTTP::uri]" 
    } 
 }

    One thing to be aware of is if you're trying to prevent a client from submitting sensitive data via HTTP and the client is being directed to make a request via HTTP (ex: form action=http://...) they'll already have exposed the sensitive data by the time you redirect them to HTTPS.

    Aaron
  • kalicut_48905's avatar
    kalicut_48905
    Icon for Nimbostratus rankNimbostratus
    Mar 06, 2009
    Thank you Aaron. One of our F5 admins accidentally deleted the default.

     

     

    Ram