Forum Discussion
NimbostratusNeed help in Irule redirection for multiple sites.
in our setup we have sites which are accessed by internal users as well as internet users via http and https. so we have created 4 VS (2 internal VS, one for http and one for https for internal users) and (2 for internet users 1 for http and one for https). our requirement is any lan user access sites via http than it should be http if lan users type https than it should redirect to http. similarly if any internet users access sites via http than it should redirect to https. this is done by 1 irule one for http to https redirection.
when RULE_INIT { set static::bsint "internet.abc.com" set static::sitesint "sites.internet.abc.com"
} when HTTP_REQUEST { if {[class match [IP::client_addr] equals InternalHosts]} { HTTP::redirect http://[HTTP::host][HTTP::uri] } else { switch -glob -- [string tolower [HTTP::host]] { "sites.abc.com" { HTTP::header replace Host $static::sitesint STREAM::disable } "abc.com" { HTTP::header replace Host $static::bsint STREAM::disable } } } } when HTTP_RESPONSE { if {[HTTP::is_redirect] && [string tolower [HTTP::header "Location"]] contains $static::sitesint}{ HTTP::header replace Location [string map "$static::sitesint $static::sitesext" [HTTP::header Location]] }
elseif {[HTTP::is_redirect] && [string tolower [HTTP::header "Location"]] contains $static::bsint}{ HTTP::header replace Location [string map "$static::bsint $static::bsext" [HTTP::header Location]]
}
in addition to it i need to redirect below redirection in same irule please guide me how to do this.
if any one access from internet to the below url
https://asites.abc.com/xyz/finance
than it should redirect to
http://asites.internet.abc.com/sites/finance
and many more sites like this.
please some one help me in this.thank you in advance.
53 Replies
nitass_89166Noctilucent
our requirement is any lan user access sites via http than it should be http if lan users type https than it should redirect to http. similarly if any internet users access sites via http than it should redirect to https.
can't we just use simple http/https redirection?
for example, https redirection in internet http virtual server
HTTP::redirect https://[HTTP::host][HTTP::uri]http redirection in internal https virtual server.
HTTP::redirect http://[HTTP::host][HTTP::uri]in addition to it i need to redirect below redirection in same irule please guide me how to do this.
is it something like this?
internet https virtual server when HTTP_REQUEST { if { [HTTP::host] equals "asites.abc.com" and [HTTP::uri] equals "/xyz/finance" } { HTTP::redirect "http://asites.internet.abc.com/sites/finance" } }
ShakN_167332thank you let me try this and i will get back to you.- ShakN_167332hi nitass, i will next this config by tomorow. i need help on other sites which has to be redirected similarly. when HTTP_REQUEST { if { [HTTP::host] equals "asites.abc.com" and [HTTP::uri] equals "/xyz/finance" } { HTTP::redirect "http://asites.internet.abc.com/sites/finance" } if { [HTTP::host] equals "asites.abc.com" and [HTTP::uri] equals "/xyz/budget" } { HTTP::redirect "http://asites.internet.abc.com/sites/budget" } } Can i do like this for 22 sites or else if there any other way.
- nitass
Employee
our requirement is any lan user access sites via http than it should be http if lan users type https than it should redirect to http. similarly if any internet users access sites via http than it should redirect to https.
can't we just use simple http/https redirection?
for example, https redirection in internet http virtual server
HTTP::redirect https://[HTTP::host][HTTP::uri]http redirection in internal https virtual server.
HTTP::redirect http://[HTTP::host][HTTP::uri]in addition to it i need to redirect below redirection in same irule please guide me how to do this.
is it something like this?
internet https virtual server when HTTP_REQUEST { if { [HTTP::host] equals "asites.abc.com" and [HTTP::uri] equals "/xyz/finance" } { HTTP::redirect "http://asites.internet.abc.com/sites/finance" } }- ShakN_167332thank you let me try this and i will get back to you.
- ShakN_167332hi nitass, i will next this config by tomorow. i need help on other sites which has to be redirected similarly. when HTTP_REQUEST { if { [HTTP::host] equals "asites.abc.com" and [HTTP::uri] equals "/xyz/finance" } { HTTP::redirect "http://asites.internet.abc.com/sites/finance" } if { [HTTP::host] equals "asites.abc.com" and [HTTP::uri] equals "/xyz/budget" } { HTTP::redirect "http://asites.internet.abc.com/sites/budget" } } Can i do like this for 22 sites or else if there any other way.
- nitass_89166
Can i do like this for 22 sites or else if there any other way.
you can simplify it using data group. Kevin gave sample irule in the thread below.
HTTP::redirect question using datagroup
https://devcentral.f5.com/questions/httpredirect-question-using-datagrouphope this helps.
- ShakN_167332am sorry but i dint get it how to implement this.
- ShakN_167332hi nitass, can you give a sample config so that i will modify the configuraiton for my req.
- nitass
Can i do like this for 22 sites or else if there any other way.
you can simplify it using data group. Kevin gave sample irule in the thread below.
HTTP::redirect question using datagroup
https://devcentral.f5.com/questions/httpredirect-question-using-datagrouphope this helps.
- ShakN_167332am sorry but i dint get it how to implement this.
- ShakN_167332hi nitass, can you give a sample config so that i will modify the configuraiton for my req.
- nitass_89166
e.g.
config root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 70 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm data-group internal redirect_class ltm data-group internal redirect_class { records { asites.abc.com/xyz/budget { data http://asites.internet.abc.com/sites/budget } asites.abc.com/xyz/finance { data http://asites.internet.abc.com/sites/finance } } type string } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when HTTP_REQUEST { log local0. "\[HTTP::host\] is [HTTP::host]" log local0. "\[HTTP::uri\] is [HTTP::uri]" log local0. "\[class match -- [HTTP::host][HTTP::uri] equals redirect_class\] is \ [class match -- [HTTP::host][HTTP::uri] equals redirect_class]" if { [class match -- [HTTP::host][HTTP::uri] equals redirect_class] } { log local0. "\[class match -value [HTTP::host][HTTP::uri] equals redirect_class\] is \ [class match -value [HTTP::host][HTTP::uri] equals redirect_class]" HTTP::redirect [class match -value [HTTP::host][HTTP::uri] equals redirect_class] } } } test [root@centos1 ~] curl -I http://asites.abc.com/xyz/finance HTTP/1.0 302 Found Location: http://asites.internet.abc.com/sites/finance Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@centos1 ~] curl -I http://asites.abc.com/xyz/budget HTTP/1.0 302 Found Location: http://asites.internet.abc.com/sites/budget Server: BigIP Connection: Keep-Alive Content-Length: 0 /var/log/ltm [root@ve11a:Active:In Sync] config tail -f /var/log/ltm Aug 24 06:33:34 ve11a info tmm[29362]: Rule /Common/qux : [HTTP::host] is asites.abc.com Aug 24 06:33:34 ve11a info tmm[29362]: Rule /Common/qux : [HTTP::uri] is /xyz/finance Aug 24 06:33:34 ve11a info tmm[29362]: Rule /Common/qux : [class match -- asites.abc.com/xyz/finance equals redirect_class] is 1 Aug 24 06:33:34 ve11a info tmm[29362]: Rule /Common/qux : [class match -value asites.abc.com/xyz/finance equals redirect_class] is http://asites.internet.abc.com/sites/finance Aug 24 06:33:46 ve11a info tmm1[29362]: Rule /Common/qux : [HTTP::host] is asites.abc.com Aug 24 06:33:46 ve11a info tmm1[29362]: Rule /Common/qux : [HTTP::uri] is /xyz/budget Aug 24 06:33:46 ve11a info tmm1[29362]: Rule /Common/qux : [class match -- asites.abc.com/xyz/budget equals redirect_class] is 1 Aug 24 06:33:46 ve11a info tmm1[29362]: Rule /Common/qux : [class match -value asites.abc.com/xyz/budget equals redirect_class] is http://asites.internet.abc.com/sites/budget- ShakN_167332am trying to create a data group in my device which is running 10.2.4 build 817 can you please help help how to configure in this. of else cli cmd for tmsh.
- nitass
e.g.
config root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 70 } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm data-group internal redirect_class ltm data-group internal redirect_class { records { asites.abc.com/xyz/budget { data http://asites.internet.abc.com/sites/budget } asites.abc.com/xyz/finance { data http://asites.internet.abc.com/sites/finance } } type string } root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when HTTP_REQUEST { log local0. "\[HTTP::host\] is [HTTP::host]" log local0. "\[HTTP::uri\] is [HTTP::uri]" log local0. "\[class match -- [HTTP::host][HTTP::uri] equals redirect_class\] is \ [class match -- [HTTP::host][HTTP::uri] equals redirect_class]" if { [class match -- [HTTP::host][HTTP::uri] equals redirect_class] } { log local0. "\[class match -value [HTTP::host][HTTP::uri] equals redirect_class\] is \ [class match -value [HTTP::host][HTTP::uri] equals redirect_class]" HTTP::redirect [class match -value [HTTP::host][HTTP::uri] equals redirect_class] } } } test [root@centos1 ~] curl -I http://asites.abc.com/xyz/finance HTTP/1.0 302 Found Location: http://asites.internet.abc.com/sites/finance Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@centos1 ~] curl -I http://asites.abc.com/xyz/budget HTTP/1.0 302 Found Location: http://asites.internet.abc.com/sites/budget Server: BigIP Connection: Keep-Alive Content-Length: 0 /var/log/ltm [root@ve11a:Active:In Sync] config tail -f /var/log/ltm Aug 24 06:33:34 ve11a info tmm[29362]: Rule /Common/qux : [HTTP::host] is asites.abc.com Aug 24 06:33:34 ve11a info tmm[29362]: Rule /Common/qux : [HTTP::uri] is /xyz/finance Aug 24 06:33:34 ve11a info tmm[29362]: Rule /Common/qux : [class match -- asites.abc.com/xyz/finance equals redirect_class] is 1 Aug 24 06:33:34 ve11a info tmm[29362]: Rule /Common/qux : [class match -value asites.abc.com/xyz/finance equals redirect_class] is http://asites.internet.abc.com/sites/finance Aug 24 06:33:46 ve11a info tmm1[29362]: Rule /Common/qux : [HTTP::host] is asites.abc.com Aug 24 06:33:46 ve11a info tmm1[29362]: Rule /Common/qux : [HTTP::uri] is /xyz/budget Aug 24 06:33:46 ve11a info tmm1[29362]: Rule /Common/qux : [class match -- asites.abc.com/xyz/budget equals redirect_class] is 1 Aug 24 06:33:46 ve11a info tmm1[29362]: Rule /Common/qux : [class match -value asites.abc.com/xyz/budget equals redirect_class] is http://asites.internet.abc.com/sites/budget- ShakN_167332am trying to create a data group in my device which is running 10.2.4 build 817 can you please help help how to configure in this. of else cli cmd for tmsh.
- nitass
am trying to create a data group in my device which is running 10.2.4 build 817 can you please help help how to configure in this. of else cli cmd for tmsh.
e.g.
root@ve10(Active)(tmos) show sys version |grep -A 6 Main\ Package Main Package Product BIG-IP Version 10.2.4 Build 817.0 Edition Hotfix HF7 Date Mon May 20 15:08:56 PDT 2013 root@ve10(Active)(tmos) create ltm data-group redirect_class type string records add { asites.abc.com/xyz/budget { data http://asites.internet.abc.com/sites/budget } asites.abc.com/xyz/finance { data http://asites.internet.abc.com/sites/finance } } root@ve10(Active)(tmos) list ltm data-group redirect_class ltm data-group redirect_class { records { asites.abc.com/xyz/budget { data http://asites.internet.abc.com/sites/budget } asites.abc.com/xyz/finance { data http://asites.internet.abc.com/sites/finance } } type string }- ShakN_167332when HTTP_REQUEST { if { [HTTP::host] equals "asites.abc.com" } { if { class match [HTTP::uri] equals test } { HTTP::redirect "http://asites.internet.abc.com[class lookup [HTTP::uri] test]" } } }
- ShakN_167332will this be the correct way to call my data group test. ltm data-group test { records { asites.abc.com/xyz/finance { data http://asites.internet.abc.com/sites/finance } asites.abc.com/xyz/supplychain { data http://asites.internet.abc.com/sites/supplychain } } type string }
- nitassin Yann approach, data group only contain uri part (e.g. /xyz/finance /sites/finance, /xyz/supplychain /sites/supplychain).
- nitass_89166
am trying to create a data group in my device which is running 10.2.4 build 817 can you please help help how to configure in this. of else cli cmd for tmsh.
e.g.
root@ve10(Active)(tmos) show sys version |grep -A 6 Main\ Package Main Package Product BIG-IP Version 10.2.4 Build 817.0 Edition Hotfix HF7 Date Mon May 20 15:08:56 PDT 2013 root@ve10(Active)(tmos) create ltm data-group redirect_class type string records add { asites.abc.com/xyz/budget { data http://asites.internet.abc.com/sites/budget } asites.abc.com/xyz/finance { data http://asites.internet.abc.com/sites/finance } } root@ve10(Active)(tmos) list ltm data-group redirect_class ltm data-group redirect_class { records { asites.abc.com/xyz/budget { data http://asites.internet.abc.com/sites/budget } asites.abc.com/xyz/finance { data http://asites.internet.abc.com/sites/finance } } type string }- ShakN_167332when HTTP_REQUEST { if { [HTTP::host] equals "asites.abc.com" } { if { class match [HTTP::uri] equals test } { HTTP::redirect "http://asites.internet.abc.com[class lookup [HTTP::uri] test]" } } }
- ShakN_167332will this be the correct way to call my data group test. ltm data-group test { records { asites.abc.com/xyz/finance { data http://asites.internet.abc.com/sites/finance } asites.abc.com/xyz/supplychain { data http://asites.internet.abc.com/sites/supplychain } } type string }
- nitass_89166in Yann approach, data group only contain uri part (e.g. /xyz/finance /sites/finance, /xyz/supplychain /sites/supplychain).
- nitass_89166
just a few comments.
-
HTTP::host returns fqdn part only (e.g. asites.abc.com). uri is returned by HTTP::uri (e.g. /bseu/finance).
-
glob option can be removed if not used.
- i understand this irule will be assigned to internet https virtual server (you mentioned you separate http and https virtual server). so, no need to check whether it is http or https.
when HTTP_REQUEST { if {[class match [IP::client_addr] equals InternalHosts]} { HTTP::redirect http://[HTTP::host][HTTP::uri] } else { switch -- [string tolower [HTTP::host][HTTP::uri]] { "asites.abc.com/bseu/finance" { HTTP::redirect "http://asites.internet.abc.com/sites/finance" } } } }- ShakN_16733201070151:3: Rule [test] error: line 3: [parse error: PARSE syntax 104 {syntax error in expression " class match [HTTP::uri] equals test ": variable references require preceding $}] [{ class match [HTTP::uri] equals test }]
-
- nitass
just a few comments.
-
HTTP::host returns fqdn part only (e.g. asites.abc.com). uri is returned by HTTP::uri (e.g. /bseu/finance).
-
glob option can be removed if not used.
- i understand this irule will be assigned to internet https virtual server (you mentioned you separate http and https virtual server). so, no need to check whether it is http or https.
when HTTP_REQUEST { if {[class match [IP::client_addr] equals InternalHosts]} { HTTP::redirect http://[HTTP::host][HTTP::uri] } else { switch -- [string tolower [HTTP::host][HTTP::uri]] { "asites.abc.com/bseu/finance" { HTTP::redirect "http://asites.internet.abc.com/sites/finance" } } } }- ShakN_16733201070151:3: Rule [test] error: line 3: [parse error: PARSE syntax 104 {syntax error in expression " class match [HTTP::uri] equals test ": variable references require preceding $}] [{ class match [HTTP::uri] equals test }]
-
