F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Jace_45978's avatar
Jace_45978
Icon for Nimbostratus rankNimbostratus
Oct 06, 2009

moving redirects from server to F5 irule

I have been tasked with putting irule on F5 which should do what the server does for redirects. Conditions from 80 to 443 or from 443 to 80

 

How would this translate into f5 lingo?

 

anything to get me rolling is much appreciated!!!

 

 

if hitting the VIP on port 443:

 

code from web server:

 

RewriteCond %{SERVER_PORT} =443

 

RewriteCond %{REQUEST_METHOD} !^POST$

 

RewriteCond %{REQUEST_URI} /DealerNetwork/(.*)\.do(.*) [OR]

 

RewriteCond %{REQUEST_URI} /DealerNetwork/category/(.*)

 

RewriteCond %{THE_REQUEST} /DealerNetwork/login.do(.*)logout [OR]

 

RewriteCond %{REQUEST_URI} !/DealerNetwork/login.do(.*)

 

RewriteCond %{REQUEST_URI} !/DealerNetwork/registration.do(.*)

 

RewriteCond %{REQUEST_URI} !/DealerNetwork/forgotPasswd.do(.*)

 

RewriteCond %{REQUEST_URI} !/DealerNetwork/showProfile.do(.*)

 

RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [R,L]

 

 

Login, profile and registration pages should be secure. Logout is an exception

 

of login.do:

 

RewriteCond %{HTTPS} =off

 

RewriteCond %{SERVER_PORT} =80

 

RewriteCond %{REQUEST_METHOD} !^POST$

 

RewriteCond %{THE_REQUEST} !/DealerNetwork/login.do(.*)logout

 

RewriteCond %{REQUEST_URI} /DealerNetwork/login.do(.*) [OR]

 

RewriteCond %{REQUEST_URI} /DealerNetwork/registration.do(.*) [OR]

 

RewriteCond %{REQUEST_URI} /DealerNetwork/forgotPasswd.do(.*) [OR]

 

RewriteCond %{REQUEST_URI} /DealerNetwork/showProfile.do(.*)

 

RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

 

 

anything to get me rolling is much appreciated!!!
application delivery
dev
devops
iRules

4 Replies

  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Oct 06, 2009
    To handle redirects there are a number of ways to handle this.

    One example is the following 

     
  when HTTP_REQUEST {  
  if { ([HTTP::host] eq "www.something.com") and ([TCP::local_port] eq "80") and ([HTTP::method] eq "POST"}) } {  
  switch -glob [HTTP::uri] {  
  "/DealerNetwork/login*" - 
  "/DealerNetwork/registration.do*" -  
  "/DealerNetwork/forgotPasswd.do*" -  
  "/DealerNetwork/showProfile.do*"  
  { 
  HTTP::redirect "https://[HTTP::host][HTTP::uri]" 
  } 
  } 
  } 
  }

    In regards to the https to HTTP. You would need to make the SSL Cert is with the LTM otherwise it won't decrypt

    the traffic for you to use the irule similiar to above.

    Of course this is just a example.

    I hope this helps

    CB

  • Jace_45978's avatar
    Jace_45978
    Icon for Nimbostratus rankNimbostratus
    Oct 06, 2009
    thanks yes I believe this will get me going... for https to http we will be loading the CERT onto the LTM I will be testing with this soon.

     

    thanks

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 06, 2009
    More generally, here are a few commands which correspond to the values you had in the apache rewrite rules:

     

     

    SERVER_PORT[TCP::local_port] (Click here)

     

    REQUEST_METHOD[HTTP::method] (Click here)

     

    REQUEST_URI[HTTP::uri] (Click here)

     

     

    Also, to get the path of the URI (URI minus query string), you can use [HTTP::path] (Click here).

     

     

    Aaron