Forum Discussion
Redirect https:// to https://www
Hello DevCentral members!
I am trying to write an iRule to redirect my host from https:// to https://www for all requests. My rule is listed below. Does this look like it will work? I want to run this on my 443 VIP.
when HTTP_REQUEST {
if{ [HTTP::host] contains "hostname.net"} {
HTTP::redirect https://www.[HTTP::host][HTTP::uri]
}
}
I currently have this set up as an HTTP Class rule but I am upgrading from 11.2.1 to 11.4.1 and know that the HTTP Class is deprecated in 11.4.x. Any help would be appreciated!
Thanks!
4 Replies
If you have both hostname.net and www.hostname.net on the same virtual, this iRule will result in an infinite loop as you are using a "contains" comparison and "www.hostname.net" contains "hostname.net" and it will in turn redirect to "www.www.hsotname.net". I'd try something like this
when HTTP_REQUEST { if { !([HTTP::host] starts_with "www.") && ([HTTP::host] contains "hostname.net") ) { HTTP::redirect "https://www.[HTTP::host][HTTP::uri]" } }Whether you leave in the second condition is up to you. It may very well work just by checking whether or not the host starts with "www.".
Also keep in mind that if this is on a SSL vip, you'll have to be terminating SSL for the iRule to be able to look at the HTTP request. But, I'm assuming you are doing this anyway since you are using a class profile.
-Joe
Thanks Joe. I am terminating SSL on the VIP so we should be good.
I have a couple additional questions:
1. What does the ! signify in front of the first condition? Does this read "if the host starts with www. than do nothing, otherwise add the www?" I am new to iRule writing so just want to be certain before implementing!
2. Is this a better way to go rather than using HTTP class? I am under the impression that this gets converted when upgrading to 11.4.x but I was trying to get in front as it is critical that our app sees www.hostname.net as opposed to hostname.net. I can't lose that functionality!
Thanks!
Jeff- The "!" is a NOT operator which gives the negative on the comparison. You can also use the keyword "not" if you want. For this example, it would read: "if HTTP::host does not start with 'www.' and HTTP::host does contain 'hostname.net', then redirect to https://www.[HTTP::host][HTTP::uri]". As for going with a HTTP::class, I'd suggest going that route if you were certain your platform supported it, but with the upgrade, if I were you, I'd get the iRule working and head that issue off at the pass and not rely on an upgrade doing it for you. I'm not sure what the upgrade process does but I do recall hearing some customers having to do some work to get their class profiles migrated post upgrade.
- JRahm
Admin
you don't have to use an iRule in 11.4.x, you can use the centralized policy matching functionality that is replacing the httpclass. Here's a tmsh example of simple redirecting host to ssl:
ltm policy cpm.ssl_redirect { controls { forwarding } requires { http } rules { cpm.ssl_redirect.rule { actions { 0 { http-reply redirect location https://[HTTP::host][HTTP::uri] } } conditions { 0 { http-host host ends-with values { hostname.net } } } ordinal 1 } } strategy first-match }
