Redirect internal link to external site
We are trying to have a client application use a proxy URL into our BIG-IP server through an SSL connection from a mobile client. We want to redirect a Virtual Server input URL (.../ms365) back out to the Microsoft 365 web site (https://login.microsoftonline.com). The remainder of the URLs are routed to our internal pool of web servers. I created a new MS_redirect Virtual Server that gets called with the /ms365 link, which then has an HTTP redirect call back out to the Microsoft site. I set SNAT to dynamic on the MS_redirect virtual server. The redirect is also an SSL connection back out to the Microsoft site.
My question is, is this a valid approach to do an external redirect? I am getting an error (although I'm struggling with how to log the error response; newbie). Also, do I need an SSL Server profile or SSL Client profile on the MS_redirect?
../ms365 (web client) -> proxyVS - iRule -> MS_redirect vs -> HTTP Redirect -> https://login.microsoftonline.com (then back).
Thanks for any help! Dean
7 Replies
- nitass_89166
Noctilucent
Not sure if I understand correctly (I guess I don't). If not, would you mind posting some example please? Anyway, this is just an HTTP redirection example based on URI.
e.g.
```
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos)# list ltm virtual bar
ltm virtual bar {
    destination 172.28.20.111:443
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        clientssl {
            context clientside
        }
        http { }
        tcp { }
    }
    rules {
        myrule
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 22
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos)# list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos)# list ltm rule myrule
ltm rule myrule {
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/ms365" } {
        HTTP::redirect "https://login.microsoftonline.com/"
    }
}
}
```
- Dean_Brown_01_1
Nimbostratus
Yes, your iRule matches mine regarding the redirect. Thanks.
- Kevin_Stewart
Employee
../ms365 (web client) -> proxyVS - iRule -> MS_redirect vs -> HTTP Redirect -> https://login.microsoftonline.com (then back).
Does this mean that when a client requests the URI "/ms365" from the proxy VIP, that an iRule redirects them to another VIP, which then redirects them directly to a Microsoft page? If so, why so many redirects (and VIPs)? And more important, what is the goal? How does your application interact with the Microsoft site?
- Kevin_Stewart
Employee
Okay, so my first observation here is that SNAT isn't relevant in an HTTP redirect situation. SNAT would be important if the traffic were flowing through the VIP to the application, but because you're redirecting, the remote service is going to get the client's source address.
Second, when a user accesses the trigger URL, gets redirected and then redirected again, and then lands on the remote site's page, what happens next? How does the user get back to your site? How does the remote site share information with your site?
- Kevin_Stewart
Employee
From an iRule, you can simply use:
log local0. "some arbitrary test or output of a command like [HTTP::uri]"
That will show up in /var/log/ltm. If you have access to the management shell, one of the best iRule troubleshooting tools is simply to "tail" this log:
tail -f /var/log/ltm
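
The logging tip above combined with the /ms365 redirect rule from earlier in the thread, as an added example that is not code from any of the posters. It assumes a virtual server with the clientssl and http profiles, as in the posted configuration; the stricter path match and the log wording are choices made for this example.

```tcl
when HTTP_REQUEST {
    # Log every request first, so /var/log/ltm shows whether this
    # rule is being evaluated at all on the virtual server.
    log local0. "client=[IP::client_addr] host=[HTTP::host] uri=[HTTP::uri]"

    # Compare the path only (no query string), case-insensitively.
    # Matches /ms365 and anything below /ms365/, but not /ms365abc,
    # which a plain starts_with "/ms365" test would also redirect.
    set path [string tolower [HTTP::path]]
    if { $path eq "/ms365" || $path starts_with "/ms365/" } {
        log local0. "redirecting [IP::client_addr] to login.microsoftonline.com"
        HTTP::redirect "https://login.microsoftonline.com/"
        return
    }

    # Anything else falls through to the virtual server's default pool.
    log local0. "no redirect for [HTTP::uri], using default pool"
}
```

The per-request log lines write to /var/log/ltm on every hit, so remove or comment them out once the redirect is confirmed to work.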