Forum Discussion

dp_119903's avatar
dp_119903
Icon for Cirrostratus rankCirrostratus
Jan 04, 2017

Redirect Rewrite not working - how write an irule to redirect non-standard port

Simple port change, just not sure which path to take.

I have a virtual server that is listening on 443. It redirects to a server on the backside that is listening on http (not SSL) via port 10108.

When users are clicking around this server there are links that are taking them to http://URL.EXAMPLE.COM:10108.

In the past I've always applied an HTTP profile and just did rewrite redirect to "all". But for some reasons it's not catching this one. So I'm trying to write an irule that says

...when an http request comes in for 10108 go ahead and take the 10108 off and redirect it to https. I think that for this to work I would have to first create virtual server to listen on 10108...which I don't really want to do. So my question(s) are as follows:

  1. why isn't redirect rewrite working? Isn't that the entire point of that command
  2. if I want to just redirect these inbound requests do I need to have a server listening on 10108 (pretty sure that is a yes...otherwise my understanding of traffic flow is completely off)
  3. What irule command do I use to replace just the port? I believe that the HTTP::header contains the port. I don't think that the port is contained in the URI or in the PATH, so do I need to replace the header with the stripped off port number? To maintain the rest of the URI do I need to first save that as a variable and then add it back in?


when HTTP_REQUEST { 
  if {[HTTP::header] contains "10108" 
    HTTP::header replace Host "URL.EXAMPLE.COM"
    HTTP::redirect https://[HTTP::host]/HTTP::uri
}

...that certainly doesn't look right, so any help would be appreciated.

  • Well, enough digging and I guess you can answer your own question.

    I found that a stream profile was needed, I presume b/c it wasn't actually a redirect but I'm not entirely certain. With that said, I applied an empty stream profile and the following irule:

    
    when HTTP_REQUEST {
         tell server not to compress response
        HTTP::header remove Accept-Encoding
    
         disable STREAM for request flow
        STREAM::disable
    }
    when HTTP_RESPONSE {
         catch and replace redirect headers
        if { [HTTP::header exists Location] } {
            HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header 
    Location]]
        }
    
         only look at text data
        if {[HTTP::header "Host"] contains "10108" }  { } {
    
             create a STREAM expression to replace any http:// with https://
            STREAM::expression {@http://example.com:10108@https://example.com@}
    
             enable STREAM
            STREAM::enable
        }
    }
    

    ...and it works like a champ.

  • ...after thinking about this for a few more minutes I think it's probably pretty simple.

     

    1. create a virtual server listening on port 10108
    2. create an irule that simply redirects anything inbound to that to the https:// site without the port
    3. so if that's the case...I can do that, but isn't this what redirect re-write is really for?
    4. How can I troubleshoot redirect rewrite?
  • ...so just to be clear here's what is happening.

     

    I have a virtual server listening on 443, doing SSL offloading.

     

    The servers are listening on port 10108.

     

    When the user is logged in (hitting the virtual on 443) there are links where they run reports and other stuff, when they click the link it's taking them to:

     

    http://example.com:10108/longURIhere

     

    If I ask the user to copy the "longURIhere" and go to:

     

    https://example.com/longURIhere

     

    it works.

     

    So this to me looks like the redirect rewrite isn't working (though it is b/c it works for other things like when they login there is a redirect and if I disable redirect rewrite they get sent to 10108. So what am I missing?

     

  • Well, enough digging and I guess you can answer your own question.

    I found that a stream profile was needed, I presume b/c it wasn't actually a redirect but I'm not entirely certain. With that said, I applied an empty stream profile and the following irule:

    
    when HTTP_REQUEST {
         tell server not to compress response
        HTTP::header remove Accept-Encoding
    
         disable STREAM for request flow
        STREAM::disable
    }
    when HTTP_RESPONSE {
         catch and replace redirect headers
        if { [HTTP::header exists Location] } {
            HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header 
    Location]]
        }
    
         only look at text data
        if {[HTTP::header "Host"] contains "10108" }  { } {
    
             create a STREAM expression to replace any http:// with https://
            STREAM::expression {@http://example.com:10108@https://example.com@}
    
             enable STREAM
            STREAM::enable
        }
    }
    

    ...and it works like a champ.