Forum Discussion
Corey_Webb_9791
Nimbostratus
Dec 18, 2007
Redirect HTTP to HTTPS without using HTTP_REQUEST trigger
I need to redirect traffic that comes to my VIP as http://x.y.z to https://x.y.z. However, since there is no actual HTTP_REQUEST triggered when the request comes in as http, I need to trigger this redirect with some other trigger that happens before the request, like port or client address, but none of these seem to allow for the HTTP::redirect command to be issued. Any ideas???
Thank you,
Corey
26 Replies
- Corey_Webb_9791
Nimbostratus
I thought the V9 was supposed to do away with the nonsense of having to create 2 VIPs to proxy information back and forth. Guess not.
- hoolio
Cirrostratus
Also, if you really want to, you can actually do this with a single virtual server. The configuration is slightly more complex compared with configuring one HTTP and one HTTPS virtual server, as it requires an iRule to handle the various scenarios.
To do this, create a single virtual server defined on port 0 (any) with a client SSL profile and an HTTP profile configured. The pool would be made up of web servers accepting HTTP only (port 80). You can then use an iRule to disable the client SSL profile for HTTP requests. Or you can enable the 'non-ssl' option on the client SSL profile to allow HTTP communication to the virtual server through the client SSL profile. You would also want to drop (ignore) or reject (send a TCP reset) to requests not on the HTTP or HTTPS ports. I added an example to the codeshare (Click here).
Aaron
- Corey_Webb_9791
Nimbostratus
When I try to use your codeshare I get many errors. Any ideas?
- Corey_Webb_9791
Nimbostratus
01070151:3: Rule [WHAT] error:
line 29: [command is not valid in current event context RULE_INIT] [TCP::local_port]
line 32: [command is not valid in current event context RULE_INIT] [IP::client_addr]
line 32: [command is not valid in current event context RULE_INIT] [IP::local_addr]
line 32: [command is not valid in current event context RULE_INIT] [TCP::local_port]
line 35: [command is not valid in current event context RULE_INIT] [PROFILE::exists clientssl]
line 36: [command is not valid in current event context RULE_INIT] [IP::client_addr]
line 36: [command is not valid in current event context RULE_INIT] [TCP::local_port]
line 36: [command is not valid in current event context RULE_INIT] [IP::local_addr]
line 37: [command is not valid in current event context RULE_INIT] [reject]
line 39: [command is not valid in current event context RULE_INIT] [TCP::local_port]
line 42: [command is not valid in current event context RULE_INIT] [IP::client_addr]
line 42: [command is not valid in current event context RULE_INIT] [IP::local_addr]
line 42: [command is not valid in current event context RULE_INIT] [TCP::local_port]
line 45: [command is not valid in current event context RULE_INIT] [PROFILE::exists clientssl]
line 53: [command is not valid in current event context RULE_INIT] [IP::client_addr]
line 53: [command is not valid in current event context RULE_INIT] [IP::local_addr]
line 53: [command is not valid in current event context RULE_INIT] [TCP::local_port]
line 54: [command is not valid in current event context RULE_INIT] [reject]
- Corey_Webb_9791
Nimbostratus
The 2 server idea works and I have that working now, but I would love to make the single server iRule work, but I am not sure what I am missing. Thanks for the input and I hope to hear more about this single server setup. Thanks
- hoolio
Cirrostratus
Sorry... somehow in my copying/pasting, I lost the line with 'when CLIENT_ACCEPTED'. Can you give the updated version a try? (Click here)
Thanks,
Aaron
- Corey_Webb_9791
Nimbostratus
Thanks, it looks like the code is accepted in the iRule, but it is still not giving the desired result and does not appear to be processing according to the stats. I guess I will just have to use the 2 server scenario unless you have any other ideas.
Thanks
- Corey_Webb_9791
Nimbostratus
Got it working!!!!!
Hoolio is the man
Thanks a lot.
- hoolio
Cirrostratus
Glad to hear you got it working. Out of curiosity, what was the problem and fix? I had adapted that rule from a more complex one for ASM and hadn't tested the modified version fully.
Aaron
- Corey_Webb_9791
Nimbostratus
Sorry for the delay in response; I have been finally making progress and forgot to update you. Anyway, the problem was simply a typo: I had the wrong URI in, and hence it did not work. Your code is awesome though. Thanks again
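
The single virtual server setup hoolio describes earlier in the thread (port 0, client SSL and HTTP profiles, HTTP-only pool), as an added iRule example. It is not the codeshare rule linked in the thread and not part of any post; the hostnames are constructed placeholders, and the Host allowlist is an addition beyond what the thread describes, included because the redirect target is built from a client-supplied header.

```tcl
# Added example, not the codeshare rule from the thread.
# Assumes: one virtual server on port 0 with a client SSL profile and an
# HTTP profile, and a pool of HTTP-only (port 80) members.

when RULE_INIT {
    # Hostnames this virtual server may redirect to (constructed placeholders).
    # Global variable as used on v9; later versions offer the static:: namespace.
    set ::allowed_hosts [list "www.example.com" "example.com"]
}

when CLIENT_ACCEPTED {
    # Connection-level commands such as TCP::local_port belong here,
    # not in RULE_INIT (the cause of the errors posted in the thread).
    set vs_port [TCP::local_port]

    switch -- $vs_port {
        80 {
            # Cleartext HTTP: disable client-side SSL so the request is parsed
            if { [PROFILE::exists clientssl] } {
                SSL::disable
            }
        }
        443 {
            # HTTPS: leave the client SSL profile enabled
        }
        default {
            # A port 0 virtual server listens on every port; refuse the rest
            reject
        }
    }
}

when HTTP_REQUEST {
    # Only requests that arrived on port 80 are redirected
    if { $vs_port == 80 } {
        # The Host header is client-supplied: strip any port and
        # compare it to the allowlist before using it in a Location header
        set host [string tolower [getfield [HTTP::host] ":" 1]]
        if { [lsearch -exact $::allowed_hosts $host] >= 0 } {
            HTTP::redirect "https://${host}[HTTP::uri]"
        } else {
            reject
        }
    }
}
```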