For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mike_59458's avatar
Mike_59458
Icon for Nimbostratus rankNimbostratus
Jul 21, 2011

Redirect connection in virtual server

I am looking to prevent a HTTPS request that ends in /owa (ie HTTPS://APP.Domain.com/OWA) to access the application (Exchange 2010). We are preventing using Microsoft Outlook Web Access /OWA from being accessed from outside our environment. We would like to redirect the request to the approved access portal (ie HTTPS://remote.domain.com). Once logged into the remote application users can access the Exchange OWA.

 

 

The only protocol that will be allowed is Exchange Activesync

 

 

I am thinking:

 

 

iRule to select pool and persistence for Active Sync.

 

All other protocol redirected to remote.dot.gov

 

when HTTP_REQUEST {

 

log local0.info "path = [HTTP::path] "

 

switch -glob [HTTP::path] {

 

 

"/Microsoft-Server-ActiveSync*" {

 

Direct all ActiveSync clients to a common pool; use

 

HTTP cookie persistence

 

persist cookie

 

pool Exch2010__single_as_pool

 

 

}

 

 

default {

 

This final section takes all non ActiveSync traffic

 

and redirect it to remote.dot.gov

 

HTTP::redirect https://[https::host][https::uri]

 

}

 

}

 

}

 

 

I am seeing the problem at the HTTP::redirect line. How do I configure the redirect line to go to HTTPS://remote.domain.com?

 

 

Mike Bednarck

 

 

application delivery
dev
devops
iRules

5 Replies

  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Jul 21, 2011
    Hi Mike,

    https::host and https::uri do not exist. Click Here to see the valid commands.

    I am assuming that SSL is being terminated at the F5.

    That being said I think you can re-write the statement to the following : 

    HTTP::redirect "https://[HTTP::host]/[HTTP::uri]"

    I hope this helps

    Bhattman
  • Mike_59458's avatar
    Mike_59458
    Icon for Nimbostratus rankNimbostratus
    Jul 21, 2011
    Bhattman,

     

     

    Okay now I don’t understand. The protocol "/Microsoft-Server-ActiveSync” we want to accept and pass through but redirect everything else to Remote.domain.com (with no extension after the .com). The pool and persist cookie (in fact the whole IF "/Microsoft-Server-ActiveSync” was pulled from a working iRule.

     

     

    If the request falls through the "/Microsoft-Server-ActiveSync” then I would like a redirect.

     

     

    Mike Bednarck

     

  • Mike_59458's avatar
    Mike_59458
    Icon for Nimbostratus rankNimbostratus
    Jul 21, 2011
    Bhattman,

     

     

    With the

     

     

    HTTP::redirect "https://[HTTP::host]/[HTTP::uri]" Do I put the remote.domain.com where the host is?

     

     

    Mike Bednarck

     

  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Jul 21, 2011
    Hi Mike,

     

    Yes you can rewrite if you want to be more explicit

     

     

    HTTP::redirect "https://remote.domain.com/"

     

     

    Bhattman

     

  • Austin_Geraci's avatar
    Austin_Geraci
    Icon for MVP rankMVP
    Jul 23, 2011
    Hey Mike, just to clarify if you were to use "https://[HTTP::host]/[HTTP::uri]" you're going to redirect to the same host and uri you're currently conected to..... on HTTPS

     

    Something like that is usefull when you want to redirect http to https traffic...among other things.

     

     

    Also, there is an extra "/" in there.. though it will probably work you don't need it..