Forum Discussion
mlamutt_62697
Nimbostratus
Feb 03, 2010Redirect HTTP to HTTPS with IP exclusions
I am writing an iRule to allow HTTP access for a select set of IPs while forcing all other traffic to https. This is what I have come up with, but it is not working. Apologies in advance, as this is my first attempt at creating a new rule.
when HTTP_REQUEST {
if { not ([IP::addr [IP::client_addr]] equals 10.0.0.0/8) or
not ([IP::addr [IP::client_addr]] equals 172.16.0.0/16)
} {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
}
The error I am getting is:
01070151:3: Rule [HTTPRedirectWSODExluded] error: line 2: [parse error: PARSE syntax 73 {syntax error in expression " not ([IP::addr [IP::client_addr]] equals 10.0.0.0/8) or ...": looking for close parenthesis}] [{ not ([IP::addr [IP::client_addr]] equals 10.0.0.0/8) or not ([IP::addr [IP::client_addr]] equals 172.16.0.0/16) }]
Any help would be appreciated.
- hoolio
Cirrostratus
The syntax error is in the IP::addr closing braces and the unescaped new line between the IP::addr commands. Also, you can check the client IP in CLIENT_ACCEPTED and redirect in HTTP_REQUEST to save checking the client IP on every request:when CLIENT_ACCEPTED { Check if the client IP is in the two internal ranges if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] or \ [IP::addr [IP::client_addr] equals 172.16.0.0/16]} { Dont redirect the client set redirect 0 } else { set redirect 1 } } when HTTP_REQUEST { if {$redirect}{ HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }
- mlamutt_62697
Nimbostratus
Thanks... That works like a charm.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects