Forum Discussion

Rakeshvela_3309's avatar
Rakeshvela_3309
Icon for Nimbostratus rankNimbostratus
Aug 31, 2017

Redirect from Http to Https Not working

Hi All,   We have an VIP which listens on 443. When client initiates request to this VIP as http, we want to redirect it to Https. I have added the Policy as below. But when I add this, even the H...
application delivery
BIG-IP
  • StuKirby_233899's avatar
    StuKirby_233899
    Aug 31, 2017

    Hi

     

    This is usually accomplished by having a second VIP using the same IP on HTTP with no pool associated but using the inbuilt iRule _sys_https_redirect

     

    when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } definition-signature mwyl4XlRKRMQc0prWs7RtpgPcNfocOKb+MaFwAnQgAuUZZyG68OaGZsOCN3poUOFdHOc6fk2XAdGRmTRiP/7BCT7thsOX5zLFzA1N1wcr57KWVzEZt3ezxVXn2Z974OmbWm7P5Lclcr7N3adrLJMWfyfPPVF1tUYn0IQPD2QNMmfbcbr1oCuO93n/5dn0s6/EacHZGG53hVibW7xQuJXdMtoQ6ArSZ4U3n4vCDTb6NLYbAj6PirVzKY2pcsWFHFUSVrphSFwERc8+0XGHUE6Cb3ihzygoZc2cQ5jk3frFY70MkDluPTShFRbHd7PlMPRezrfkVZVeUHA/iBPcYcD+w==

     

    This means when traffic hits your HTTP VIP the iRule redirects them to the same host on HTTPS which in turn sends the traffic to your HTTPS VIP

     

    Regards

     

    Stuart

     

StuKirby_233899's avatar
StuKirby_233899
Icon for Altostratus rankAltostratus
Aug 31, 2017

Hi

 

This is usually accomplished by having a second VIP using the same IP on HTTP with no pool associated but using the inbuilt iRule _sys_https_redirect

 

when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } definition-signature mwyl4XlRKRMQc0prWs7RtpgPcNfocOKb+MaFwAnQgAuUZZyG68OaGZsOCN3poUOFdHOc6fk2XAdGRmTRiP/7BCT7thsOX5zLFzA1N1wcr57KWVzEZt3ezxVXn2Z974OmbWm7P5Lclcr7N3adrLJMWfyfPPVF1tUYn0IQPD2QNMmfbcbr1oCuO93n/5dn0s6/EacHZGG53hVibW7xQuJXdMtoQ6ArSZ4U3n4vCDTb6NLYbAj6PirVzKY2pcsWFHFUSVrphSFwERc8+0XGHUE6Cb3ihzygoZc2cQ5jk3frFY70MkDluPTShFRbHd7PlMPRezrfkVZVeUHA/iBPcYcD+w==

 

This means when traffic hits your HTTP VIP the iRule redirects them to the same host on HTTPS which in turn sends the traffic to your HTTPS VIP

 

Regards

 

Stuart

 

  • Rakeshvela_3309's avatar
    Rakeshvela_3309
    Icon for Nimbostratus rankNimbostratus
    Aug 31, 2017

    Thanks. It worked.

     

    IT is working as intended. But I have a question. We have a GTM with say mytest.com FQDN and the pool we mapped say 1.1.1.1 has service port as 443.

     

    Question: When we initiative a request to http://mytest.com ---> Why is the GTM accepting the request on port 80 when the service port is actually 443?

     

    Thanks

     

  • StuKirby_233899's avatar
    StuKirby_233899
    Icon for Altostratus rankAltostratus
    Aug 31, 2017

    Glad it worked.

     

    Not sure I understand the question. The redirect VIP will accept communication on port 80 and should change the users session to HTTPS in the address bar. So http://mytest.com changes to https://mytest.com . Does this happen?

     

    Thanks