Is it possible to attach an irule to an HTTPS virtual server ?

As long as you're doing SSL Offload (Or re-encryption), then you can put an iRule on that will respond to the HTTP requests (The SSLCLient Profile is needed to decrypt & encrypt the stream between the BigIP and the client).

Or were you asking about the iRUle for the HTTP to https? (That's a built-in iRule BTW in 11.something onwards).

H

Can you clarify a bit, your heading is a little contrary to what you wrote up.. Sounds like you just want to redirect users to the secure site, and also serve up a maintenance page, but when do you want to serve up the maintenance page? when no pool members are available?

Yes it's absolutely possible.. you'll need two different Virtual servers, one listening on 80 one listening on 443.. the 80 vs doesn't need anything attached to it, just the http 2 https irule. As Hamish mentioned, you will need to terminate SSL on the 443 VIP to do the more involved irule..

Hi, I want the serve up the maintenance page when no pool members are available ? Since we already have http to https redirect irule attached to the port 80 virtual server, I don't know how to combine the two irules into one.

Will I be able to make it work by attaching a seperat maintenance page irule to the port 443 virtual server ?

Thanks.

I was asking about attaching an irule to the HTTPS virtual server. The irule should server up a page to users when all pool memebers are down ?

I was asking about attaching an irule to the HTTPS virtual server. The irule should server up a page to users when all pool memebers are down ?

You wouldn't combine iRules. Have your HTTP to HTTPS redirect rule on your 80 virtual server. The maintenance page will only work if you are terminating SSL on the 443 virtual server. If so, then you could either use an iRule or configure a fallback host in your HTTP profile.

Hi,

I currently have the http-to-https irule attached to the port 80 VIP and it works perfectly. I have a second irule attached to the HTTPS VIP but it does not work.

Below is the irule : when HTTP_REQUEST {

sets the timer to return client to host URL set stime 10

Use the Host header value for the responses if it's set. If not, use the VIP address. if {[string length [HTTP::host]]}{ set host [HTTP::host] } else { set host [IP::local_addr] }

Check if the URI is /maintenance switch [HTTP::uri] { "/maintenance" {

      Send an HTTP 200 response with a Javascript meta-refresh pointing to the host using a refresh time
     HTTP::respond 200 content \

"Maintenance page \

" "Content-Type" "text/html" return } } If the pool_testLB is down, redirect to the maintenance page if { [active_members pool_testLB] < 1 } { HTTP::redirect "http://$host/maintenance" return } }

Kareem, do you have a client SSL profile applied to your 443 virtual server? If not, then your iRule will not work. Can you please post your 443 virtual server config?

maximo_qa_redirect_vs - this is the port 80 VIP maximo_qa_redirect - this is th HTTP-to-HTTPS redirct irule maximo_qa_vs - this is the port 444 VIP ( there is SSL client profile attached ) maximo_qa_pool( 5 members in the pool on various ports ) No SSL encryption on the back end between the F5 and servers.

Sorry for the typo, I meant port 443 VIP.