Forum Discussion

mlamutt_62697's avatar
mlamutt_62697
Icon for Nimbostratus rankNimbostratus
Feb 03, 2010

Redirect HTTP to HTTPS with IP exclusions

I am writing an iRule to allow HTTP access for a select set of IPs while forcing all other traffic to https. This is what I have come up with, but it is not working. Apologies in advance, as this is my first attempt at creating a new rule.

 

 

when HTTP_REQUEST {

 

if { not ([IP::addr [IP::client_addr]] equals 10.0.0.0/8) or

 

not ([IP::addr [IP::client_addr]] equals 172.16.0.0/16)

 

} {

 

HTTP::redirect https://[HTTP::host][HTTP::uri]

 

}

 

}

 

 

 

The error I am getting is:

 

 

01070151:3: Rule [HTTPRedirectWSODExluded] error: line 2: [parse error: PARSE syntax 73 {syntax error in expression " not ([IP::addr [IP::client_addr]] equals 10.0.0.0/8) or ...": looking for close parenthesis}] [{ not ([IP::addr [IP::client_addr]] equals 10.0.0.0/8) or not ([IP::addr [IP::client_addr]] equals 172.16.0.0/16) }]

 

 

Any help would be appreciated.
application delivery
dev
devops
iRules

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Feb 03, 2010
    The syntax error is in the IP::addr closing braces and the unescaped new line between the IP::addr commands. Also, you can check the client IP in CLIENT_ACCEPTED and redirect in HTTP_REQUEST to save checking the client IP on every request: 

       
   when CLIENT_ACCEPTED {   
      
       Check if the client IP is in the two internal ranges   
      if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] or \   
         [IP::addr [IP::client_addr] equals 172.16.0.0/16]} {   
      
          Dont redirect the client   
         set redirect 0   
      } else {   
         set redirect 1   
      }   
   }   
   when HTTP_REQUEST {   
      if {$redirect}{   
         HTTP::redirect "https://[HTTP::host][HTTP::uri]"   
      }   
   }

    Aaron