Forum Discussion

Rakeshvela_3309's avatar
Rakeshvela_3309
Icon for Nimbostratus rankNimbostratus
Aug 31, 2017

Redirect from Http to Https Not working

Hi All,

 

We have an VIP which listens on 443. When client initiates request to this VIP as http, we want to redirect it to Https. I have added the Policy as below. But when I add this, even the Https is failing to be accessed. Can someone please advise.

 

https://[getfield [HTTP::host] ":" 1][HTTP::uri]

 

Thanks

 

application delivery
BIG-IP
  • StuKirby_233899's avatar
    StuKirby_233899
    Aug 31, 2017

    Hi

     

    This is usually accomplished by having a second VIP using the same IP on HTTP with no pool associated but using the inbuilt iRule _sys_https_redirect

     

    when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } definition-signature mwyl4XlRKRMQc0prWs7RtpgPcNfocOKb+MaFwAnQgAuUZZyG68OaGZsOCN3poUOFdHOc6fk2XAdGRmTRiP/7BCT7thsOX5zLFzA1N1wcr57KWVzEZt3ezxVXn2Z974OmbWm7P5Lclcr7N3adrLJMWfyfPPVF1tUYn0IQPD2QNMmfbcbr1oCuO93n/5dn0s6/EacHZGG53hVibW7xQuJXdMtoQ6ArSZ4U3n4vCDTb6NLYbAj6PirVzKY2pcsWFHFUSVrphSFwERc8+0XGHUE6Cb3ihzygoZc2cQ5jk3frFY70MkDluPTShFRbHd7PlMPRezrfkVZVeUHA/iBPcYcD+w==

     

    This means when traffic hits your HTTP VIP the iRule redirects them to the same host on HTTPS which in turn sends the traffic to your HTTPS VIP

     

    Regards

     

    Stuart

     

  • StuKirby_233899's avatar
    StuKirby_233899
    Icon for Altostratus rankAltostratus
    Aug 31, 2017

    Hi

     

    This is usually accomplished by having a second VIP using the same IP on HTTP with no pool associated but using the inbuilt iRule _sys_https_redirect

     

    when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } definition-signature mwyl4XlRKRMQc0prWs7RtpgPcNfocOKb+MaFwAnQgAuUZZyG68OaGZsOCN3poUOFdHOc6fk2XAdGRmTRiP/7BCT7thsOX5zLFzA1N1wcr57KWVzEZt3ezxVXn2Z974OmbWm7P5Lclcr7N3adrLJMWfyfPPVF1tUYn0IQPD2QNMmfbcbr1oCuO93n/5dn0s6/EacHZGG53hVibW7xQuJXdMtoQ6ArSZ4U3n4vCDTb6NLYbAj6PirVzKY2pcsWFHFUSVrphSFwERc8+0XGHUE6Cb3ihzygoZc2cQ5jk3frFY70MkDluPTShFRbHd7PlMPRezrfkVZVeUHA/iBPcYcD+w==

     

    This means when traffic hits your HTTP VIP the iRule redirects them to the same host on HTTPS which in turn sends the traffic to your HTTPS VIP

     

    Regards

     

    Stuart

     

    • Rakeshvela_3309's avatar
      Rakeshvela_3309
      Icon for Nimbostratus rankNimbostratus
      Aug 31, 2017

      Thanks. It worked.

       

      IT is working as intended. But I have a question. We have a GTM with say mytest.com FQDN and the pool we mapped say 1.1.1.1 has service port as 443.

       

      Question: When we initiative a request to http://mytest.com ---> Why is the GTM accepting the request on port 80 when the service port is actually 443?

       

      Thanks

       

    • StuKirby_233899's avatar
      StuKirby_233899
      Icon for Altostratus rankAltostratus
      Aug 31, 2017

      Glad it worked.

       

      Not sure I understand the question. The redirect VIP will accept communication on port 80 and should change the users session to HTTPS in the address bar. So http://mytest.com changes to https://mytest.com . Does this happen?

       

      Thanks