Redirect HTTP to HTTPS for some users

Question

I have a need to redirect any external users that try to access a web site via HTTP to HTTPS.
&nbsp; 
&nbsp;I also need to allow internal users to access the exact same site via both HTTP AND HTTPS.&nbsp;
I was using this irule to redirect outside users to HTTPS&nbsp;
&nbsp;when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] } &nbsp;
&nbsp;I then had inside users go to a different virtual server that used the same nodes but did not do any redirecting.&nbsp;
&nbsp;This does not work, it appears the irule is redirecting eveything to HTTPS.&nbsp;
&nbsp;Is thre a way I can write the irule to not redirect any devices with a particular source subnet ( say 10.3.4.0/24) and redirect anything else to HTTPS?&nbsp;
&nbsp;Or is there a better way to accomplish this?&nbsp;
&nbsp;Thanks in advance for your help.&nbsp;

chris_miller · Answer

I like to use data groups in situations like this. You can make an address-type data group that contains the subnets you don't want to redirect. If you're using 10.x, your iRule will look something like this:

when HTTP_REQUEST { 
   if { [TCP::local_port] eq 80 and ![class match [IP::client_addr] eq datagroup] } {
     HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }

That's how I'd do it anyways

Forum Discussion

Redirect HTTP to HTTPS for some users

Recent Discussions

How do I create a traffic log for two different route domains?

Http / https health monitor issue

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

Related Content

(HTTP) Redirection via Arbitrary Host Header

HTTP To HTTPS Redirect 301

F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP headers

DEVCENTRAL END-USER LICENSE AGREEMENT

Securing the LLM User Experience with an AI Firewall

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS