Forum Discussion

Azlan_181023's avatar
Azlan_181023
Icon for Nimbostratus rankNimbostratus
Dec 29, 2014

Redirect HTTP to HTTPS and path using iRules not working

Hi, Basically I need my F5 to redirect user request from www.abc.com to https://www.abc.com/pageX.php

 

I'm able to configure the iRule to redirect the path from https://www.abc.com to https://www.abc.com/pageX.php. However I'm still having problem to redirect from HTTP request to HTTPS. Anyone can guide me with the configuration?

 

Thanks!

 

application delivery
deployment
devops
iRules
LTM
TMOS
  • nitass_89166's avatar
    nitass_89166
    Dec 29, 2014

    I'm able to configure the iRule to redirect the path from https://www.abc.com to https://www.abc.com/pageX.php. However I'm still having problem to redirect from HTTP request to HTTPS.

    isn't it to just change http to https in HTTP::redirect command?

    e.g.

     configuration

root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    vs-index 13
}
root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if { [HTTP::path] eq "/" } {
    HTTP::redirect "https://[HTTP::host]/pageX.php"
  }
}
}

 test

[root@ve11a:Active:In Sync] config  curl -I http://www.abc.com
HTTP/1.0 302 Found
Location: https://www.abc.com/pageX.php
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Dec 29, 2014

    I'm able to configure the iRule to redirect the path from https://www.abc.com to https://www.abc.com/pageX.php. However I'm still having problem to redirect from HTTP request to HTTPS.

    isn't it to just change http to https in HTTP::redirect command?

    e.g.

     configuration

root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    vs-index 13
}
root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if { [HTTP::path] eq "/" } {
    HTTP::redirect "https://[HTTP::host]/pageX.php"
  }
}
}

 test

[root@ve11a:Active:In Sync] config  curl -I http://www.abc.com
HTTP/1.0 302 Found
Location: https://www.abc.com/pageX.php
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
    • Azlan_181023's avatar
      Azlan_181023
      Icon for Nimbostratus rankNimbostratus
      Dec 31, 2014
      I realized that I need to create another virtual server for http service and apply this rule. It works now. Many thanks!!! And Happy New Year...
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Dec 29, 2014

    I'm able to configure the iRule to redirect the path from https://www.abc.com to https://www.abc.com/pageX.php. However I'm still having problem to redirect from HTTP request to HTTPS.

    isn't it to just change http to https in HTTP::redirect command?

    e.g.

     configuration

root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    vs-index 13
}
root@(ve11a)(cfg-sync Sync Failed)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if { [HTTP::path] eq "/" } {
    HTTP::redirect "https://[HTTP::host]/pageX.php"
  }
}
}

 test

[root@ve11a:Active:In Sync] config  curl -I http://www.abc.com
HTTP/1.0 302 Found
Location: https://www.abc.com/pageX.php
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
    • Azlan_181023's avatar
      Azlan_181023
      Icon for Nimbostratus rankNimbostratus
      Dec 31, 2014
      I realized that I need to create another virtual server for http service and apply this rule. It works now. Many thanks!!! And Happy New Year...
  • hari_126827's avatar
    hari_126827
    Icon for Cirrus rankCirrus
    Dec 30, 2014

    Hi,

     

    Please check the below solution which could help to achieve the goal using rules:

     

    SOL15085: Overview of the Local Traffic Policies feature

     

    Starting with BIG-IP 11.4.0, the Local Traffic Policies feature provides a way to classify traffic based on a list of matching rules, and then to run specific actions, such as, directing all HTTP traffic to the BIG-IP ASM system for security checks based on the configured security policy, redirecting traffic received on an HTTP virtual server to an HTTPS virtual server, sending traffic to a load balancing pool based on header data, or refining the types of traffic to be collected for statistical analysis in BIG-IP Analytics, etc.

     

    Regards, Hari

     

  • hari_126827's avatar
    hari_126827
    Icon for Cirrus rankCirrus
    Dec 30, 2014

    Hi,

     

    After going through above link:

     

    • Create a policy with Strategy as first-match, Requires select http, Controls as forwarding
    • create a rule inside the policy as mentioned below select http-uri as Operand, Event as request* and conditional requirements (non case sensitive) with the Value (e.g., /yahoo etc.,) Followed by Actions tab with Target: forward, event as request* and parameter select the Parameters (probably pool name as Value).

    Do not forget to attach the above policy name in ltm virtual configuration, to make this effective..

     

    Regards, Hari