Forum Discussion
sterreta_87927
Nimbostratus
NimbostratusMy iRule is creating a redirect loop!
I have a LTM virtual server that receives port 80 traffic and redirects it via a HTTP Class Profile to HTTPS and my port 443 virtual server. I am having trouble handling incoming URI's failing. I am trying to change the path for an incoming host request so that the existing path is replaced with "/wfc/navigator/logonWithUID"
This is the rule I came up with. It works with all of my test URL's in that it rewrites the path correctly (as seen in the web browser address bar), but it has a redirect loop and never gets past the virtual server to the Pool. Log checks confirm the looping
when HTTP_REQUEST {
if {[HTTP::host] contains "timesheet"} {
HTTP::uri "/wfc/navigator/logonWithUID"
log local0.info "why wont you work"
}
}
These are my test URL's:
http://timesheet.widget.com
http://timesheet.widget.com/
https://timesheet.widget.com
https://timesheet.widget.com/
http://timesheet.widget.com/wfc/logon
http://timesheet.widget.com/wfc/logon/
https://timesheet.widget.com/wfc/logon
https://timesheet.widget.com/wfc/logon/
I just cannot figure out the looping. Any help is much appreciated.
7 Replies
Hannes_Rapp_162Nacreous
Using the solution above user won't see the remapped URI in the browser bar, this is a silent method as the header replacement happens in F5 without user's having any awareness of the modifications made. As it's a redirect to another service (from HTTP to HTTPS), you might be better off trying something as follows: when HTTP_REQUEST { if {[HTTP::host] contains "timesheet"} { HTTP::respond 302 Location "https://[HTTP::host]/wfc/navigator/logonWithUID" event disable all TCP::close log local0.info "Redirected [IP::client_addr] to https://[HTTP::host]/wfc/navigator/logonWithUID" } } Also, can you please provide outputs from the commands below: 1) (From any device besides F5) curl -vI https://your-service.com 2) (From F5) curl -vI http://pool-member:xxxx
sterreta_87927Thank you for your time and attention. I tried the iRule script provided above. The browser responded with "Internet Explorer cannot display the webpage" and the address in the address bar did not change from the test URL entered. The F5 log had the following message repeated dozens of times: "Rule ir_timesheet-test_HTTPStoHTTPS_URI_ADD : Redirected 10.220.188.89 to https://uslv-timesheet-test.xxxxx.com/wfc/navigator/logonWithUID" How do I use the curl statements to provide the output you are requesting?- Hannes_Rapp_162Perhaps the server responds back with a redirect from HTTPS location to a HTTP location? E.g. - F5 redirects to: https://uslv-timesheet-test.xxxxx.com/wfc/navigator/logonWithUID - Server redirects to http://whatever - F5 redirects to: https://uslv-timesheet-test.xxxxx.com/wfc/navigator/logonWithUID - Server redirects to http://whatever ... You can test that with a "firebug" add-on (Firefox) or developer tools (Chrome) Alternatively, you can use the cURL method I suggested (requires UNIX/Linux OS): "curl -vI https://uslv-timesheet-test.xxxxx.com/wfc/navigator/logonWithUID" (paste all output here)
- Hannes_Rapp
Using the solution above user won't see the remapped URI in the browser bar, this is a silent method as the header replacement happens in F5 without user's having any awareness of the modifications made. As it's a redirect to another service (from HTTP to HTTPS), you might be better off trying something as follows: when HTTP_REQUEST { if {[HTTP::host] contains "timesheet"} { HTTP::respond 302 Location "https://[HTTP::host]/wfc/navigator/logonWithUID" event disable all TCP::close log local0.info "Redirected [IP::client_addr] to https://[HTTP::host]/wfc/navigator/logonWithUID" } } Also, can you please provide outputs from the commands below: 1) (From any device besides F5) curl -vI https://your-service.com 2) (From F5) curl -vI http://pool-member:xxxx- sterreta_87927Thank you for your time and attention. I tried the iRule script provided above. The browser responded with "Internet Explorer cannot display the webpage" and the address in the address bar did not change from the test URL entered. The F5 log had the following message repeated dozens of times: "Rule ir_timesheet-test_HTTPStoHTTPS_URI_ADD : Redirected 10.220.188.89 to https://uslv-timesheet-test.xxxxx.com/wfc/navigator/logonWithUID" How do I use the curl statements to provide the output you are requesting?
- Hannes_RappPerhaps the server responds back with a redirect from HTTPS location to a HTTP location? E.g. - F5 redirects to: https://uslv-timesheet-test.xxxxx.com/wfc/navigator/logonWithUID - Server redirects to http://whatever - F5 redirects to: https://uslv-timesheet-test.xxxxx.com/wfc/navigator/logonWithUID - Server redirects to http://whatever ... You can test that with a "firebug" add-on (Firefox) or developer tools (Chrome) Alternatively, you can use the cURL method I suggested (requires UNIX/Linux OS): "curl -vI https://uslv-timesheet-test.xxxxx.com/wfc/navigator/logonWithUID" (paste all output here)
ArieAltostratus
curl -I http://timesheet.widget.com/wfc/logonAlso, make sure you don't assign Hannes' rule to both VIPs (for 80 and 443).
