I need to redirect traffic that comes to my VIP as http:\\x.y.z to https:\\x.y.z however since there is no actual HTTP_REQUEST triggered when the request comes in as http I need to trigger this redirect with some other trigger that happens before the request like port or client address but none of these seem to allow for the HTTP::redirect command to be issued. Any Ideas??? Thank you, Corey

I'm not sure I follow. Why is there no HTTP_REQUEST even triggered? This is where you'd want to put the redirect... Colin

There is no HTTP_REQUEST triggered because HTTP(port 80) is not running on the physical server it only is running 443. This is simply a redirect to allow users to be lazy and not type https.

Here is how is looked in Version 4 if (server_port == 80) { if (http_uri contains "IDHAN" or http_uri contains "idhan") { redirect to "https://%h/%u" } else { if (http_uri contains "HanHelp" or http_uri contains "hanhelp") { use pool Health-DVLP } else { discard } } }

The HTTP_REQUEST event fires when the LTM sees an HTTP_REQUEST come in from the client. It has nothing to do with what is, or isn't running on the server. Colin

well according the packet captures that I am doing I am getting a HTTP Get packet to the VIP and not processing the I rule so what else should I look at to see why the HTTP_REQUEST is not getting triggered. When I send the same host and uri only using https it triggers the HTTP_REQUEST. Not sure why it is not triggering the HTTP_REQUEST then do you know why?

Redirect HTTP to HTTPS without using HTTP_REQUEST trigger

26 Replies

Colin_Walker_12
Historic F5 Account
Jan 14, 2008
Typos will get even the best of us from tiem to tiem. :p

Glad to hear it's working for you.

Colin
Leslie_South_55
Nimbostratus
Jan 17, 2008
Hoolio, I am seeing the following errors using your rule

Jan 17 13:55:46 tmm tmm[938]: Rule rule_http2https-1vs : ---------------------------- Start ----------------------------

Jan 17 13:55:46 tmm tmm[938]: Rule rule_http2https-1vs : HTTPS request from 10.20.47.82 to 10.20.15.4:443

Jan 17 13:55:46 tmm tmm[938]: 01220001:3: TCL error: Rule rule_http2https-1vs - can't read "vip_http_port": no such variable

while executing "if { ($::redirect_http_to_https == 1 or ([info exists redirect_http_to_https] && $redirect_http_to_https)) and $vip_http_port==1}{

HTTP::redirec..."

any ideas?
Leslie_South_55
Nimbostratus
Jan 17, 2008
Hoolio

I am gettting the following errors when using your example

Jan 17 13:55:46 tmm tmm[938]: Rule rule_http2https-1vs : ---------------------------- Start ----------------------------

Jan 17 13:55:46 tmm tmm[938]: Rule rule_http2https-1vs : HTTPS request from 10.20.47.82 to 10.20.15.4:443

Jan 17 13:55:46 tmm tmm[938]: 01220001:3: TCL error: Rule rule_http2https-1vs - can't read "vip_http_port": no such variable

while executing "if { ($::redirect_http_to_https == 1 or ([info exists redirect_http_to_https] && $redirect_http_to_https)) and $vip_http_port==1}{

HTTP::redirec..."

Any ideas?

-L
Leslie_South_55
Nimbostratus
Jan 17, 2008
sorry for the double post, did not see page 2. also I set the port on the VS to * (forgot that step). Here is more log info as well as the HTTP header info.

HTTP HEADER

GET /pwdmgr/default.aspx HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 2.0.50727)

Host: 10.20.15.4

Connection: Keep-Alive

HTTP/1.0 302 Found

Location: https://10.20.15.4/pwdmgr/default.aspx

Server: BigIP

Connection: Keep-Alive

Content-Length: 0

GET /pwdmgr/default.aspx HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 2.0.50727)

Host: 10.20.15.4

Connection: Keep-Alive

BIGIP LOG

Jan 17 14:28:17 tmm tmm[938]: Rule rule_http2https-1vs : ---------------------------- Start -----------------------

-----

Jan 17 14:28:17 tmm tmm[938]: Rule rule_http2https-1vs : HTTP request from 10.20.47.82 to 10.20.15.4:80

Jan 17 14:28:17 tmm tmm[938]: Rule rule_http2https-1vs : Client SSL profile enabled on VIP. Disabling SSL

Jan 17 14:28:17 tmm tmm[938]: Rule rule_http2https-1vs : redirecting client 10.20.47.82 to https://10.20.15.4/pwdmgrle

novo/default.aspx

Jan 17 14:28:17 tmm tmm[938]: Rule rule_http2https-1vs : ---------------------------- Start -----------------------

-----

Jan 17 14:28:17 tmm tmm[938]: Rule rule_http2https-1vs : HTTPS request from 10.20.47.82 to 10.20.15.4:443

Jan 17 14:28:19 tmm tmm[938]: Rule rule_http2https-1vs : ---------------------------- Start -----------------------

-----

Jan 17 14:28:19 tmm tmm[938]: Rule rule_http2https-1vs : HTTPS request from 10.20.47.82 to 10.20.15.4:443

Jan 17 14:28:19 tmm tmm[938]: 01220001:3: TCL error: Rule rule_http2https-1vs - can't read "vip_http_port": no such v

ariable while executing "if { ($::redirect_http_to_https == 1 or ([info exists redirect_http_to_https] && $redirect_http_to_http

s)) and $vip_http_port==1}{ HTTP::redirec..."
hoolio
Cirrostratus
Jan 18, 2008
Hi lsouth,

I was checking to see if $vip_http_port was set to 1, but wasn't setting it for HTTPS connections. I added a check to see if the variable exists before trying to see if it is set to 1.

Can you give that a shot?

Thanks,

Aaron
Leslie_South_55
Nimbostratus
Jan 18, 2008
works like a champ. Thanks Hoolio..this is an awesome rule, but MAN there is a lot too it.

Regards,

-L