Forum Discussion
Redirect from HTTP to HTTPS if SSL Profile exists on the HTTPS virtual server
We have several load balancers configured on this F5 using the following irule:
when HTTP_REQUEST { switch -glob [HTTP::uri] { "Redacted URI" { return } "Redacted URI" { return } "Redacted URI" { return } "Redacted URI" { return } "Redacted URI" { return } default { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } } }
This is applied to the HTTP Virtual server which successfully redirects all incoming requests that are HTTP to the HTTPS virtual server.
What we are needing now is a way to exempt the above from happening in the event that the virtual server with all of the ssl profiles does not actually have an SSL profile for the requested URI.
Outside of writing in an exemption for each URI, is there a way to look at the virtual server and verify the incoming URI does or does not have an ssl profile applied on the other virtual server?
6 Replies
- BenNoonan_35173
Nimbostratus
I believe this may work:
when HTTP_REQUEST { if { [SSL::mode] == 0} { HTTP::redirect http://[HTTP::host][HTTP::uri]} }
- Ravier_356281
Nimbostratus
I'm not sure that's what I'm looking for.
I already have the redirect working for everything that is http to be redirected as HTTPS.
What I need now is basically an exemption mechanism where if the request comes in, and there's no SSL profile for that URL, then to let it go through as HTTP.
- Ben_Noonan
Nimbostratus
I believe this may work:
when HTTP_REQUEST { if { [SSL::mode] == 0} { HTTP::redirect http://[HTTP::host][HTTP::uri]} }
- Ravier_356281
Nimbostratus
I'm not sure that's what I'm looking for.
I already have the redirect working for everything that is http to be redirected as HTTPS.
What I need now is basically an exemption mechanism where if the request comes in, and there's no SSL profile for that URL, then to let it go through as HTTP.
- Ravier_356281
Nimbostratus
Is there like a:
if URI match Profile redirect
else return
- JG
Cumulonimbus
You can put your list of the virtual servers without an SSL profile applied in a data group and check the incoming request against that.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com