Forum Discussion

Yugandhar's avatar
Yugandhar
Icon for Nimbostratus rankNimbostratus
Aug 13, 2018

Redirect HTTP Traffic to HTTPS on a Nonstandard Port.

Hi,

 

Could you please help on this requirement:-

 

Traffic to http or http://test7883.com:80 has to be forwarded to https://test7883.com:8900

 

HTTP::redirect "https://[getfield [HTTP::host] : 1][HTTP::uri]"

 

Suppose if the HTTPS VIP is configured on a nonstandard port say 8900 then can the above redirect statement forward the traffic to https://test7883.com:8900 as the command [getfield [HTTP::host]: 1 would extract only test7883.com but not the port number

 

Thanks,

 

Yugandhar.

 

application delivery
BIG-IP
iRules
  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for Noctilucent rankNoctilucent
    Aug 14, 2018

    You can't run http and https on the same ports (8900).

    Update: I stand corrected, looks like it can be done,

     when CLIENT_ACCEPTED { 
     Set a variable to track whether this is an HTTPS request 
    set https 0 
 } 
 when CLIENTSSL_HANDSHAKE { 
     There was a client side SSL handshake, so update the variable 
    set https 1 
 } 
 when HTTP_REQUEST { 
     If it's not an HTTPS connection, send a redirect 
    if {not ($https)}{ 
       HTTP::redirect https://[getfield [HTTP::host] : 1][HTTP::uri]
    } 
 }
  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for Noctilucent rankNoctilucent
    Aug 14, 2018

    So something like below I feel,

     when CLIENT_ACCEPTED { 
     Set a variable to track whether this is an HTTPS request 
    set https 0 
 } 
 when CLIENTSSL_HANDSHAKE { 
     There was a client side SSL handshake, so update the variable 
    set https 1 
 } 
 when HTTP_REQUEST { 
     If it's not an HTTPS connection, send a redirect 
    if {not ($https)}{ 
       HTTP::redirect https://[getfield [HTTP::host] : 1]:8900[HTTP::uri]
    } 
 }
  • Samir_Jha_52506's avatar
    Samir_Jha_52506
    Icon for Noctilucent rankNoctilucent
    Aug 14, 2018

    Instead of creating 3 VIPs, only one VIP(443) is enough to redirect connection.

     

    Above iRule is correct but only iRule will not help to solve issue. You need to enable non-SSL connections on SSL profile.

     

    Follow the link

     

    • Yugandhar's avatar
      Yugandhar
      Icon for Nimbostratus rankNimbostratus
      Aug 15, 2018

      Thank you .. if we apply the iRule

       

      HTTP::redirect "https://[getfield [HTTP::host] : 1][HTTP::uri]"

       

      on the VIP http ... will this redirect the traffic to https://test7883.com:8900

       

      Here we have a HTTP VIP on port 8900 and HTTPS VIP running on a nonstandard port (8900).. So traffic coming to HTTP VIP i.e http://test7883.com:8900 should be forwarded to HTTPS VIP i.e. https://test7883.com:8900 which accepts https connections on port 8900.