Forum Discussion

Tyler_Jason_985's avatar
Tyler_Jason_985
Icon for Nimbostratus rankNimbostratus
Aug 02, 2006

Redirect HTTP to HTTPS Based upon URL

Hello all,

 

I am new to iRules, BigIP and the like so I apologize in advance.

 

 

I have a situation where I need to redirect HTTPs to HTTP when a url does not start with 'abc.xyz.com'.

 

 

Background: In order for our application to work, we must set the BigIP's rewrite parameter to 'ALL'. By doing so, all urls redirect to https. This is due to a known defect between IBM's WebSphere App Server - webserver plugin and BigIP (IBM Reference 1116533 - Compatibility problems with hardware secure socket layers accelerators and the WebSphere Application Server Web server plugin).

 

 

However, there are some URLs in our application that should not be redirected to HTTPS. If there wasn't a conflict between IBM WAS and BigIP, we could set the rewrite parameter to 'Matching' and our problem would be resolved.

 

 

So, since we have to set the rewrite to 'All', will an iRule do the trick to resolve my issue? Will the iRules fire after the rewrite parameter fires?

 

 

Based upon the forums and the reference material, I put together an iRule. Am I on the right track?

 

 

when HTTP_REQUEST {

 

if the uri does not contain "abc.xyz.com", then redirect

 

to the HTTP version

 

if { ! [matchclass [HTTP::uri] contains "abc.xyz.com"] }

 

{ HTTP::redirect "http://[HTTP::host][HTTP::uri]" }}

 

 

Thank you in advance!
application delivery
dev
devops
iRules
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Aug 02, 2006
    The matchclass command is used to lookup values in a data group. This isn't needed since you are using a single string comparison on HTTP::host.

    Second thing is that you need the HTTP::host value instead of the HTTP::uri. The format of the full url is:

    http://[HTTP::host][HTTP::uri]

    http://abc.xyz.com/somepath

    [HTTP::host] -> 'abc.xyz.com'

    [HTTP::uri] -> '/somepath'

    This should do it for you.

    when HTTP_REQUEST {
  if { ! [HTTP::host] equals "abc.xyz.com" } {
    HTTP::redirect http://[HTTP::host][HTTP::uri]
  }
}

    (I changed "contains" to "equals" assuming that was the full domain name. If you truely want any domain containing your "abc.xyz.com" then leave the contains in there.)

    Also, make sure that you don't have this rule processing on http or you could get into an infinite loop.

    -Joe
  • Jim_Reilly_4704's avatar
    Jim_Reilly_4704
    Historic F5 Account
    Aug 15, 2006
    Joe this is similar to the request above as it has to do with the rewrite all function modifying redirects to sites not hosted by the origin application.. Rewriting a 30x based on the host name in the location field. For example if the location contains abc.com then rewrite to HTTPS://host/uri. iRule 1st timer appreciate the patience. Thanks in advance.

     

     

     

    when HTTP_RESPONSE {

     

     

     

     

     

     

    if { [HTTP::status] starts_with "3" & [HTTP::location] contains "abc.com/" } {

     

     

    set location [HTTP::header "Location"];

     

     

    log LOCAL0.debug "Location: $location (check for rewrites)";

     

     

     

     

    if { $location starts_with "http://" } {

     

     

     

     

    set temp [substr $location 7];

     

     

     

     

    HTTP::header replace "Location" "https://$temp";

     

     

    }

     

     

    }

     

     

    }