Forum Discussion
kalicut_48905
Nimbostratus
Feb 26, 2009
iRules HTTPS drop request
Hi,
We placed an iRule to redirect any traffic, other than that which comes to URI /PUBLIC/*, to go through HTTPS.
```tcl
when HTTP_REQUEST {
    if { not ([HTTP::uri] starts_with "/PUBLIC") } {
        HTTP::redirect "https://[HTTP::host][HTTP::uri]"
    }
}
```
Requests to anything other than /PUBLIC* are being forced through HTTPS correctly. But the problem is, HTTP requests to /PUBLIC/* are being dropped instead of being serviced normally.
Please let me know if there is anything that I'm missing here.
Thanks,
Ram
2 Replies
- hoolio
Cirrostratus
Hi Ram,
Do you have this iRule added to the HTTP VIP? Do you have a default pool on the HTTP VIP?
Can you add logging to the iRule:
```tcl
when HTTP_REQUEST {
    log local0. "[IP::client_addr]:[TCP::client_port]: New HTTP request to [HTTP::host][HTTP::uri]"

    # Check if requested path does not start with /PUBLIC
    if { not ([HTTP::path] starts_with "/PUBLIC") } {
        log local0. "[IP::client_addr]:[TCP::client_port]: Redirecting to https://[HTTP::host][HTTP::uri]"

        # Redirect non-public requests to the same host/URI but via https
        HTTP::redirect "https://[HTTP::host][HTTP::uri]"
    }
}
```
One thing to be aware of is if you're trying to prevent a client from submitting sensitive data via HTTP and the client is being directed to make a request via HTTP (ex: form action=http://...) they'll already have exposed the sensitive data by the time you redirect them to HTTPS.
Aaron
- kalicut_48905
Nimbostratus
Thank you Aaron. One of our F5 admins accidentally deleted the default.
Ram
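
Aaron's caveat about forms that point at http:// can be checked before the redirect is relied on. The following is an added example, not part of the original thread: it lists the forms in a page whose submission would travel over HTTP to a path the iRule redirects. The function name, the sample page and the example.com host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PUBLIC_PREFIX = "/PUBLIC"  # same prefix the iRule exempts from the redirect


class _FormCollector(HTMLParser):
    """Collects (method, raw action) for every <form> tag in a page."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            # A missing action submits to the page's own URL; default method is GET.
            self.forms.append(((a.get("method") or "GET").upper(), a.get("action") or ""))


def cleartext_form_targets(html, page_url, public_prefix=PUBLIC_PREFIX):
    """Return (method, url) for forms that submit over http:// to a path the
    iRule would redirect, i.e. the data is sent in cleartext before the 302."""
    collector = _FormCollector()
    collector.feed(html)
    findings = []
    for method, action in collector.forms:
        target = urljoin(page_url, action)  # resolves relative and //host actions
        parts = urlsplit(target)
        if parts.scheme == "http" and not parts.path.startswith(public_prefix):
            findings.append((method, target))
    return findings


# Constructed sample page, as served from the HTTP virtual server.
SAMPLE_PAGE_URL = "http://www.example.com/PUBLIC/index.html"
SAMPLE_HTML = """
<form method="post" action="http://www.example.com/account/login"></form>
<form method="post" action="https://www.example.com/account/login"></form>
<form action="/search"></form>
<form method="post" action="/PUBLIC/feedback"></form>
<form method="post" action="//www.example.com/profile"></form>
"""

if __name__ == "__main__":
    for method, url in cleartext_form_targets(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f"{method} {url} is submitted in cleartext before the redirect")
```

Relative and protocol-relative actions inherit the scheme of the page that carries them, so the same markup served over HTTPS reports only the hard-coded http:// action.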
