For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ema_128890's avatar
ema_128890
Icon for Nimbostratus rankNimbostratus
Jun 29, 2016

Multiple http to https redirects

I have a VS setup with Layer 4 Performance and listening on https. I would like to redirect multiple sites to our internal servers. Here is what I have so far for one of the site.   when HTTP_RE...
application delivery
iRules
LTM
Yann_Desmarest's avatar
Yann_Desmarest
Icon for Cirrus rankCirrus
Jun 29, 2016

Hi,

Here the working irule : 

when HTTP_REQUEST { 
    switch -glob [string tolower [HTTP::host]] { 
        "123.abc.com*" { 
            HTTP::redirect "https://server1/reports" 
        } 
    } 
}

If you need to redirect the user to server1, you need the 

HTTP::redirect
or 
HTTP::respond
commands.

But if you need to forward the traffic to server1, you will need to add the following command : 

node server1 443

  • ema_128890's avatar
    ema_128890
    Icon for Nimbostratus rankNimbostratus
    Jun 29, 2016
    Thank you for the quick reply. I have tested the irule and it is still not working. Maybe to give further information is that the ssl is pass-through to the web server.
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jun 29, 2016
    I forget to mentioned that I think HTTP events are not available when you have a Performance L4 VS. You need to configure a Standard VS with SSL bridging (clientssl and serverssl profiles)
  • Scott_Hopkins_8's avatar
    Scott_Hopkins_8
    Icon for Nimbostratus rankNimbostratus
    Jun 29, 2016
    That correct. You don't get HTTP events (L7) with a L4 VS.
  • ema_128890's avatar
    ema_128890
    Icon for Nimbostratus rankNimbostratus
    Jun 29, 2016
    I have changed the VS to a standard VS. Would I still need the ssl bridging if I'm not off loading the ssl to the F5? I was testing by just putting this one server into a pool and not setting any ssl settings on the VS it gets redirected correctly but when I use the irule it just say establishing secure connection and fail.
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jun 29, 2016
    If your service is https, so you need to decrypt ssl and add an http profile on the Virtual Server. Without those configuration set up, you will probably have tcp reset
  • ema_128890's avatar
    ema_128890
    Icon for Nimbostratus rankNimbostratus
    Jun 29, 2016
    This is really giving me a headache. Here is what I have so far. I have http profile and the default serverssl in the server profile. This will work if i put the server in a pool when I go to https://123.abc.com/reports but when I use the irule above it just error timeout on me. Thanks again for the help. I'm just starting out on this with little to no training on the F5.
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jun 29, 2016
    Try installing fiddler, httpwatch or use Developer tools (F12) of your browser to troubleshoot the issue on the client side
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jun 29, 2016
    Can you make sure that you can resolve server1 from your browser ? and did you checked that you can access your backend server from the client station ?