Forum Discussion
Corey_Webb_9791
Nimbostratus
NimbostratusRedirect HTTP to HTTPS without using HTTP_REQUEST trigger
I need to redirect traffic that comes to my VIP as http:\\x.y.z to https:\\x.y.z however since there is no actual HTTP_REQUEST triggered when the request comes in as http I need to trigger this redirect with some other trigger that happens before the request like port or client address but none of these seem to allow for the HTTP::redirect command to be issued. Any Ideas???
Thank you,
Corey
26 Replies
- I'm not sure I follow. Why is there no HTTP_REQUEST even triggered?
This is where you'd want to put the redirect...
Colin 
Corey_Webb_9791There is no HTTP_REQUEST triggered because HTTP(port 80) is not running on the physical server it only is running 443. This is simply a redirect to allow users to be lazy and not type https.- Corey_Webb_9791Here is how is looked in Version 4
if (server_port == 80) {
if (http_uri contains "IDHAN" or http_uri contains "idhan") {
redirect to "https://%h/%u"
}
else {
if (http_uri contains "HanHelp" or http_uri contains "hanhelp") {
use pool Health-DVLP
}
else {
discard
}
}
} - The HTTP_REQUEST event fires when the LTM sees an HTTP_REQUEST come in from the client. It has nothing to do with what is, or isn't running on the server.
Colin - Corey_Webb_9791well according the packet captures that I am doing I am getting a HTTP Get packet to the VIP and not processing the I rule so what else should I look at to see why the HTTP_REQUEST is not getting triggered. When I send the same host and uri only using https it triggers the HTTP_REQUEST. Not sure why it is not triggering the HTTP_REQUEST then do you know why?
- When you say "the VIP", are you saying that there is only one Virtual for both port 80 and port 443 traffic? Meaning it's listening on all ports?
With the iRule shown above, any HTTP requests coming into the VIP that the rule is applied to would trigger an HTTP_REQUEST event, and the code contained therein.
Colin - Corey_Webb_9791one VIP running all ports
- Corey_Webb_9791Looks like when I take my client ssl profile out which has the certificate assigned to it then I can get to the site using the HTTP address but now I can not get to it using the HTTPS site any ideas on how I can make this work.
- Corey_Webb_9791Rule looks like this now.
when HTTP_REQUEST {
if {[TCP::server_port] == 80 } {
if {[string tolower [HTTP::uri]] equals "idhan/" } {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
pool NETDEV
}
elseif {
[string tolower [HTTP::uri]] equals "hanhelp/"} {
pool NETDEV
}
else {
discard} - Slight rule mod, too:
when HTTP_REQUEST { if {[string tolower [HTTP::uri]] starts_with "/idhan" } { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } elseif { [string tolower [HTTP::uri]] starts_with "/hanhelp"} { pool NETDEV } else { discard } }
No need to redirect AND try to send to a pool in the same if case.
Colin
