redirect HTTPS to HTTP

1. What you have done above is not a redirect. You want HTTP::redirect {http://www.site.com/page1}

2. If however you are just trying to pass traffic unencrypted to a back end server then you don't need to do this at all. Just set the pool to be the http servers and make sure server ssl is set to none in the VIP configuration.

 

3. Use a HTTP class for this, its designed for the job. Note that a VIP must still be configured to answer on port 443 to handle the incoming HTTPS requests

 

 

See this article, apply in reverse... http://support.f5.com/kb/en-us/solutions/public/7000/100/sol7125.html?sr=15854582

 

Yep sorry the irule would be more like the below i guess.

 

 

when HTTP_REQUEST {

 

HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]

 

}

 

 

But anyway i'll look into the classes again.

 

thanks!

 

If you use the same iRules for both HTTP and HTTPS traffic you could include something like this. It would not touch the HTTP Traffic, but would flip and redirect the HTTPS Traffic based upon the incoming TCP Port.

 
when HTTP_REQUEST {
    if { [TCP::local_port] == 443 } {
        HTTP::redirect "http://[getfield [HTTP::host] ":" 1 ][HTTP::uri]"
    }
}

Hi Guys,

 

Having a bit of trouble with this.

 

 

I configured the HTTP Class with the following:

 

 

Under actions, redirect too:

 

 

http://[HTTP::host][HTTP::uri]

 

 

Do I need to assign a pool to the HTTPS VIP?

 

 

The HTTP VIP uses HTTP Classes to redirect to a pool based on URI

 

Hi Luca,

 

 

Are you doing SSL offload on the LTM? If not, an HTTP rule will never work because you won't be able to read any of the encrypted traffic.

there is no SSL off load, these sites are only HTTP.

 

In the past they have been HTTPS and HTTP, but this has changed and are now only HTTP.

 

 

I need to be able to redirect any HTTPS requests to the HTTP sites since people probably haven't updated their bookmarks

I have been doing a lot of research on this and i still can't get this working.

Currently i have this iRule which has been mentioned in numerous threads on this forum.

when HTTP_REQUEST {
  HTTP::redirect http://[HTTP::host][HTTP::uri]
}

However i'm still not getting anywhere.

Do i need a client SSL profile for the HTTPS VIP?

Do i need to assign a pool to the HTTPS VIP

Here are some of the threads i have seen on this same topic:

http://devcentral-llix.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1176927/showtab/groupforums/Default.aspx

http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1174687/showtab/groupforums/Default.aspx

http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1172198/showtab/groupforums/Default.aspx

All of them use a similar iRule to the one i have above. However nothing really talks about if a pool is required or an SSL client.

I have tried it with both and am getting nowhere!

Update: SO looks like you do need a client SSL cert. I don't have one for this site but just assigned another one and it worked! There was a certificate error, but it worked none the less

Luca,

 

 

The HTTPS VIP has to be setup or it will not work. It requires a clientside certificate or the F5 will not be able to decode the traffic. An analogy would be a garden hose with SSL being the hose itself. The HTTP conversation is the water through the hose. If the F5 cannot see the water it cannot redirect it. In other words if the F5 cannot see the HTTP traffic , it is unable to tell the client that you need to go here instead, being the redirect.

 

 

Jarvil