Forum Discussion
Jace_45978
Nimbostratus
Nimbostratusmoving redirects from server to F5 irule
I have been tasked with putting irule on F5 which should do what the server does for redirects. Conditions from 80 to 443 or from 443 to 80
How would this translate into f5 lingo?
anything to get me rolling is much appreciated!!!
if hitting the VIP on port 443:
code from web server:
RewriteCond %{SERVER_PORT} =443
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteCond %{REQUEST_URI} /DealerNetwork/(.*)\.do(.*) [OR]
RewriteCond %{REQUEST_URI} /DealerNetwork/category/(.*)
RewriteCond %{THE_REQUEST} /DealerNetwork/login.do(.*)logout [OR]
RewriteCond %{REQUEST_URI} !/DealerNetwork/login.do(.*)
RewriteCond %{REQUEST_URI} !/DealerNetwork/registration.do(.*)
RewriteCond %{REQUEST_URI} !/DealerNetwork/forgotPasswd.do(.*)
RewriteCond %{REQUEST_URI} !/DealerNetwork/showProfile.do(.*)
RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [R,L]
Login, profile and registration pages should be secure. Logout is an exception
of login.do:
RewriteCond %{HTTPS} =off
RewriteCond %{SERVER_PORT} =80
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteCond %{THE_REQUEST} !/DealerNetwork/login.do(.*)logout
RewriteCond %{REQUEST_URI} /DealerNetwork/login.do(.*) [OR]
RewriteCond %{REQUEST_URI} /DealerNetwork/registration.do(.*) [OR]
RewriteCond %{REQUEST_URI} /DealerNetwork/forgotPasswd.do(.*) [OR]
RewriteCond %{REQUEST_URI} /DealerNetwork/showProfile.do(.*)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
anything to get me rolling is much appreciated!!!
4 Replies
- The_BhattmanTo handle redirects there are a number of ways to handle this.
One example is the followingwhen HTTP_REQUEST { if { ([HTTP::host] eq "www.something.com") and ([TCP::local_port] eq "80") and ([HTTP::method] eq "POST"}) } { switch -glob [HTTP::uri] { "/DealerNetwork/login*" - "/DealerNetwork/registration.do*" - "/DealerNetwork/forgotPasswd.do*" - "/DealerNetwork/showProfile.do*" { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } } } }
In regards to the https to HTTP. You would need to make the SSL Cert is with the LTM otherwise it won't decrypt
the traffic for you to use the irule similiar to above.
Of course this is just a example.
I hope this helps
CB 
Jace_45978thanks yes I believe this will get me going... for https to http we will be loading the CERT onto the LTM I will be testing with this soon.
thanks
hoolioCirrostratus
More generally, here are a few commands which correspond to the values you had in the apache rewrite rules:
SERVER_PORT[TCP::local_port] (Click here)
REQUEST_METHOD[HTTP::method] (Click here)
REQUEST_URI[HTTP::uri] (Click here)
Also, to get the path of the URI (URI minus query string), you can use [HTTP::path] (Click here).
Aaron- Jace_45978Thanks! This worked like a charm....
