Forum Discussion

Azlan_181023's avatar
Azlan_181023
Icon for Nimbostratus rankNimbostratus
Dec 29, 2014

Redirect HTTP to HTTPS and path using iRules not working

Hi, Basically I need my F5 to redirect user request from www.abc.com to https://www.abc.com/pageX.php

 

I'm able to configure the iRule to redirect the path from https://www.abc.com to https://www.abc.com/pageX.php. However I'm still having problem to redirect from HTTP request to HTTPS. Anyone can guide me with the configuration?

 

Thanks!

 

  • I'm able to configure the iRule to redirect the path from https://www.abc.com to https://www.abc.com/pageX.php. However I'm still having problem to redirect from HTTP request to HTTPS.

    isn't it to just change http to https in HTTP::redirect command?

    e.g.

     configuration
    
    root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:80
        ip-protocol tcp
        mask 255.255.255.255
        profiles {
            http { }
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        vs-index 13
    }
    root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm rule qux
    ltm rule qux {
        when HTTP_REQUEST {
      if { [HTTP::path] eq "/" } {
        HTTP::redirect "https://[HTTP::host]/pageX.php"
      }
    }
    }
    
     test
    
    [root@ve11a:Active:In Sync] config  curl -I http://www.abc.com
    HTTP/1.0 302 Found
    Location: https://www.abc.com/pageX.php
    Server: BigIP
    Connection: Keep-Alive
    Content-Length: 0
    
    
  • I'm able to configure the iRule to redirect the path from https://www.abc.com to https://www.abc.com/pageX.php. However I'm still having problem to redirect from HTTP request to HTTPS.

    isn't it to just change http to https in HTTP::redirect command?

    e.g.

     configuration
    
    root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:80
        ip-protocol tcp
        mask 255.255.255.255
        profiles {
            http { }
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        vs-index 13
    }
    root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm rule qux
    ltm rule qux {
        when HTTP_REQUEST {
      if { [HTTP::path] eq "/" } {
        HTTP::redirect "https://[HTTP::host]/pageX.php"
      }
    }
    }
    
     test
    
    [root@ve11a:Active:In Sync] config  curl -I http://www.abc.com
    HTTP/1.0 302 Found
    Location: https://www.abc.com/pageX.php
    Server: BigIP
    Connection: Keep-Alive
    Content-Length: 0
    
    
    • Azlan_181023's avatar
      Azlan_181023
      Icon for Nimbostratus rankNimbostratus
      I realized that I need to create another virtual server for http service and apply this rule. It works now. Many thanks!!! And Happy New Year...
  • I'm able to configure the iRule to redirect the path from https://www.abc.com to https://www.abc.com/pageX.php. However I'm still having problem to redirect from HTTP request to HTTPS.

    isn't it to just change http to https in HTTP::redirect command?

    e.g.

     configuration
    
    root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:80
        ip-protocol tcp
        mask 255.255.255.255
        profiles {
            http { }
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        vs-index 13
    }
    root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm rule qux
    ltm rule qux {
        when HTTP_REQUEST {
      if { [HTTP::path] eq "/" } {
        HTTP::redirect "https://[HTTP::host]/pageX.php"
      }
    }
    }
    
     test
    
    [root@ve11a:Active:In Sync] config  curl -I http://www.abc.com
    HTTP/1.0 302 Found
    Location: https://www.abc.com/pageX.php
    Server: BigIP
    Connection: Keep-Alive
    Content-Length: 0
    
    
    • Azlan_181023's avatar
      Azlan_181023
      Icon for Nimbostratus rankNimbostratus
      I realized that I need to create another virtual server for http service and apply this rule. It works now. Many thanks!!! And Happy New Year...
  • Hi,

     

    Please check the below solution which could help to achieve the goal using rules:

     

    SOL15085: Overview of the Local Traffic Policies feature

     

    Starting with BIG-IP 11.4.0, the Local Traffic Policies feature provides a way to classify traffic based on a list of matching rules, and then to run specific actions, such as, directing all HTTP traffic to the BIG-IP ASM system for security checks based on the configured security policy, redirecting traffic received on an HTTP virtual server to an HTTPS virtual server, sending traffic to a load balancing pool based on header data, or refining the types of traffic to be collected for statistical analysis in BIG-IP Analytics, etc.

     

    Regards, Hari

     

  • Hi,

     

    After going through above link:

     

    • Create a policy with Strategy as first-match, Requires select http, Controls as forwarding
    • create a rule inside the policy as mentioned below select http-uri as Operand, Event as request* and conditional requirements (non case sensitive) with the Value (e.g., /yahoo etc.,) Followed by Actions tab with Target: forward, event as request* and parameter select the Parameters (probably pool name as Value).

    Do not forget to attach the above policy name in ltm virtual configuration, to make this effective..

     

    Regards, Hari