Forum Discussion
NimbostratusRediect http to https on a non-standard port when LTM has the SSL Client profile
NimbostratusI have the same requirement, if user try the URL with HTTPS, no change in URL. If user try to access with HTTP, should redirect to https, I am also using non-standard port URLS.
https://abc.com:8888 ==> no change
http://abc.com:8888 ==> redicet to https://abc.com:8888
With below config its perfectly working fine.
I have created SSL Client profile with allowing Non-SSL Connections ( You need to modify default config) I have created VIP with 8888 port and use SSL client profile Configure below iRule
when HTTP_REQUEST {
if { [URI::protocol [HTTP::uri]] eq "http" } {
HTTP::redirect https://[getfield [HTTP::host] ":" 1]:[TCP::local_port][HTTP::uri]
}
}
- svs
Cirrostratus
This iRule cannot work as described. HTTP::uri only contains the URI, which means only the part after the host within the URL. There will never be a scheme, which may be processed by URI::protocol. In the F5 docs the word URI is often mixed up with URL, which is just wrong. So in the docs for URI::protocol it needs "uri" as parameter, but in the exmaples URLs are given in a list. HTTP::uri will not work here.
I've did some tests in my lab (TMOS 13.1.x) to proove this behavior, because I needed this behavior. I came up with the following iRule:
when CLIENT_ACCEPTED { set DEBUG 1 set ConnectionProtocol "http" } when CLIENTSSL_HANDSHAKE { set ConnectionProtocol "https" } when HTTP_REQUEST { if { $ConnectionProtocol eq "http" } { if {$DEBUG} {log local0. "Redirecting non-SSL connection (Check: $ConnectionProtocol) for [HTTP::host] on URI [HTTP::uri] to HTTPS."} HTTP::redirect https://[getfield [HTTP::host] ":" 1]:[TCP::local_port][HTTP::uri] } else { if {$DEBUG} {log local0. "SSL connection ($ConnectionProtocol) for [HTTP::host] on URI [HTTP::uri]. No action required."} } }This works perfectly for me.
Cheers,
svs
