Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

sandiksk's avatar
sandiksk
Icon for Nimbostratus rankNimbostratus
May 08, 2024

redirect not working

I have below scenario works without redirect if statement . when i add the if statement for uri redirect getting a reset.   when HTTP_REQUEST { if { [HTTP::uri] starts_with "/" } {    HTTP::redir...
application delivery
irule
LTM
Paulius's avatar
Paulius
Icon for MVP rankMVP
May 08, 2024

The reason your redirect to "/testpage" isn't working is because you aren't providing the full URL and you are using "starts_with" instead of "eq". When you use "starts_with" "/" you will receive a redirect for every single path that comes to the F5 causing a redirect loop, which is what you are probably experiencing. I have come up with the following rule that should work, assuming this is HTTP and not HTTPS, if it's HTTPS you just have to replace "http://" with "https://" and it will work appropriately.

when HTTP_REQUEST priority 500 {

    if { [active_members pool1] != 0 } {
        if { [HTTP::uri] == "/" } {
            HTTP::redirect "http://[HTTP::host]/testpage"
        }
    } else {
        if { ( ( [class match [IP::client_addr] eq "whitelist"] ) && ( [active_members pool2 ] > 0 ) ) } {
            pool pool2
        } else {
            HTTP::respond 503 content [ifile get "applicationdown.html"]
        }
    }

}

 

  • sandiksk's avatar
    sandiksk
    Icon for Nimbostratus rankNimbostratus
    May 09, 2024

    Thanks for your response , above logic works only when pool1 members are not equal to zero then simply it goes to uri redirect ,but when the else condition is met and traffic is going to pool2 , i even want the HTTP::redirect "https://[HTTP::host]/testpage". If I apply If for pool2 too its not working .Can you assist me.

    • Paulius's avatar
      Paulius
      Icon for MVP rankMVP
      May 09, 2024

      If that's the case then your original iRule with the "==" correction on the URI match should work. I have also made some formatting changes as well so I would use the iRule in this comment.

      when HTTP_REQUEST priority 500 {

    if { [HTTP::uri] == "/" } {
        HTTP::redirect "http://[HTTP::host]/testpage"
    }
    
    if { [active_members pool1] == 0 } {
        if { ( ( [class -- match [IP::client_addr] == "whitelist"] ) && ( [active_members pool2 ] > 0 ) ) } {
            pool pool2
        } else {
            HTTP::respond 503 content [ifile get "applicationdown.html"]
        }
    }

}

       

      • sandiksk's avatar
        sandiksk
        Icon for Nimbostratus rankNimbostratus
        May 09, 2024

        redirect is working as expected but when both pools are down i dont see traffic going to HTTP::respond 503 content [ifile get "applicationdown.html"] . I get connection reset can't reach the page. 

         


        when HTTP_REQUEST priority 500 {

            if { [HTTP::uri] == "/" } {
                HTTP::redirect "https://[HTTP::host]/testpage"
            }
            
            if { [active_members pool1] == 0 }{
        if { ( ( [class match [IP::client_addr] eq "whitelist"] ) && ( [active_members pool2 ] > 0 ) ) }
        { pool     pool2
          }
          else { 
        log local0. "applicationdown"
               HTTP::respond 503 content [ifile get "applicationdown.html"]
          }
          }
          }

         

         

        lb err tmm[31148]: 01220001:3: TCL error: /Common/applicationdown-irule <HTTP_REQUEST> - Operation not supported. Multiple redirect/respond invocations not allowed (line 1)     invoked from within "HTTP::respond 503 content [ifile get "applicationdown.html"]"
        lb err tmm[31148]: 01220001:3: TCL error: /Common/applicationdown-irule <HTTP_REQUEST> - Operation not supported. Multiple redirect/respond invocations not allowed (line 10)     invoked from within "HTTP::respond 503 content [ifile get "applicationdown.html"]"