Forum Discussion
Redirect or Append URI with a new path /newpath, for a https website.
What is the best way to handle an https site that requires authentications, but would like the F5 to append or redirect traffic to a new path?
https://exam.mycomp.com/ to https://exam.mycomp.com/newpath ?
I've tried using : when HTTP_REQUEST { if {[HTTP::path] eq "/"}{ HTTP::path "/newpath" } }
but the website does not handle http profile at all. It just spins and crashes. Please advise. Thanks.
You should be able to use the same iRule on your 443 virtual server as long as you apply a client SSL profile. If your servers on the back end are expecting SSL, then yes you will need to apply a server SSL profile as well. The standard serverssl profile will do in most cases unless the server is doing some kind of certificate based authentication.
- Cory_50405
Noctilucent
Do you have a client SSL profile applied to your 443 virtual server? You'll need to decrypt the SSL in order to inspect the HTTP traffic and redirect. The client SSL profile will terminate the SSL at the BIG-IP so you can perform layer 7 functions like HTTP redirection.
- Wayne_159516
Nimbostratus
I do not have that. What's the best way to create one?
- Cory_50405
Noctilucent
Try to obtain the certificate and private key from the server in question. Then load that into your LTM and apply it to a client SSL profile. Then apply that client SSL profile to your 443 virtual server.
You might also want to make sure you capture "" as the path.
HTTP_REQUEST { if {[HTTP::path] eq "/" || [HTTP::path] eq ""} { HTTP::path "/newpath" } pool target_pool }
- Wayne_159516
Nimbostratus
What if I need to use a vanity name? And need to redirect that to the '/path' ?
http://vanityname/ needs to point to https://exam.mycomp.com/newpath ?
What is the best way to incorporate that? Thanks.
- Wayne_159516
Nimbostratus
when HTTP_REQUEST {
if {[HTTP::host] eq "vanityname" || [HTTP::host] eq "vanityname.mycomp.com" } {
HTTP::redirect "https://exam.mycomp.com/newpath/"
} }
So I confirmed this works on port80/http.
Unfortunately, I need to get this working on port443/https on the virtual server and the backend nodes in the pool.
I know I probably need a client ssl profile, but do I need a server ssl profile for the backend nodes listening on 443?
Does the client ssl profile use the same certificate as the server ssl profile? Should the certificate be for the vanityname or the actual name?
- Cory_50405
Noctilucent
You should be able to use the same iRule on your 443 virtual server as long as you apply a client SSL profile. If your servers on the back end are expecting SSL, then yes you will need to apply a server SSL profile as well. The standard serverssl profile will do in most cases unless the server is doing some kind of certificate based authentication.
- Wayne_159516
Nimbostratus
Do I still need to check for [HTTP::path] eq "/" || [HTTP::path] eq "" ? - Cory_50405
Noctilucent
What's the final state of your iRule? Can you post the most recent? It may still be needed but I want to see what you're working with right now.
- Wayne_159516
Nimbostratus
this is the current one. I've tested this on a test vip on 443. It appears to work.
when HTTP_REQUEST {
if {[HTTP::host] eq "vanityname" || [HTTP::host] eq "vanityname.mycomp.com" } {
HTTP::redirect "https://exam.mycomp.com/newpath/"
}
}
- Cory_50405
Noctilucent
Since you're redirecting away from the original host request, no path checking should be needed. This shouldn't put you in any redirect looping scenarios. - Wayne_159516
Nimbostratus
Ah, i see. Thank you.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com