Forum Discussion
deni_22991
Nimbostratus
Nimbostratusredirect to https multiple uri's while letting others pass through
I am trying to create an iRule that will force ssl on specific multiple URI's under a specific host while letting those that do not need SSL to pass through. I am working on BIG-IP 9.4.7 Build 320.1
I have created a Virtual Server with port 80, created a pool and have added the iRule to the Virtual server. I have a wild card SSL cert that works for our appsf5.com
I have created the following iRule, but it only works once or twice before getting a page not found.
when HTTP_REQUEST
{ if { [HTTP::host] equals "appsf5.com" }{
if { [HTTP::uri] starts_with "/applications/app1" }
{ HTTP::redirect "https://[HTTP::host]/applications/app1/logon.aspx" }
elseif { [HTTP::uri] starts_with "/applications/app2" }
{ HTTP::redirect "https://[HTTP::host]/applications/app2/login.asp" }
elseif { [HTTP::uri] starts_with "/applications/app3" }
{ HTTP::redirect "https://[HTTP::host]/applications/app3/login.asp" }
elseif { [HTTP::uri] starts_with "/applications/app4" }
{ HTTP::redirect "https://[HTTP::host][HTTP::uri]" }
else {HTTP::respond "http://[HTTP::host][HTTP::uri]" }
}
}
56 Replies
deni_22991This is what I have for the fourth uri redirect. It only hits the first logging and there is nothing that shows the second logging for the redirect.
Fri Jan 7 09:22:16 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/login.asp
Fri Jan 7 09:22:17 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/login.asp
Fri Jan 7 09:22:18 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/login.asp
when HTTP_REQUEST { if { [HTTP::host] equals "appsf5.sd.gov" } { log local0. "User went to http://[HTTP::host][HTTP::uri]" switch [string tolower [HTTP::uri]] { "/applications/dp42launchpad*" { HTTP::redirect "https://[HTTP::host]/applications/dp42launchpad/logon.aspx" log local0. "Requested http://[HTTP::host][HTTP::uri] and was redirected to https://[HTTP::host]/applications/dp42launchpad/logon.aspx" } "/applications/st01fastfile*" { HTTP::redirect "https://[HTTP::host]/applications/st01fastfile/login.asp" log local0. "Requested http://[HTTP::host][HTTP::uri] and was redirected to https://[HTTP::host]/applications/st01fastfile/login.asp" } "/applications/gf79biggame*" { HTTP::redirect "https://[HTTP::host]/applications/gf79biggame/login.asp" log local0. "Requested http://[HTTP::host][HTTP::uri] and was redirected to https://[HTTP::host]/applications/gf79biggame/login.asp" } "/applications/gf82*" { HTTP::redirect "https://[HTTP::host][HTTP::uri]" log local0. "Requested http://[HTTP::host][HTTP::uri] and was redirected to https://[HTTP::host][HTTP::uri]" } } } }- Chris_Miller
Altostratus
Am looking into. Can you add -glob after switch? So, "switch -glob [string tolower [HTTP::uri]]" - deni_22991I added the -glob so the line looks like this switch -glob [string tolower [HTTP::uri]]
Now none of my pages for that come up. I get a page cannot be displayed error on the https: and http sites I've been testing. - Chris_MillerYou can remove the -glob then. Anything in the logs after making that change?
- deni_22991The only thing showing in the logs were the logs to the http: sites I was also testing. It didn't show any logs for the https: sites. It just doesn't seem to hit anything past the log which I have right after the if for appsf5.sd.gov
if { [HTTP::host] equals "appsf5.sd.gov" } {
log local0. "User went to http://[HTTP::host][HTTP::uri]"
switch [string tolower [HTTP::uri]] { - Chris_MillerIt wouldn't show any logs for https sites since those hit your HTTPS Virtual Server and the rule isn't applied to that one.
- deni_22991Should this rule be applied to the https virtual server?
I tried bringing up the applications again, changed my 4th https: redirect so that I used http instead and in the log it showed
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/login.asp
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/textss.css
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/t3-trout.jpg
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/t5-deer.jpg
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/t2-mt-rush.jpg
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/t4-hunter.jpg
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/SD-Logo.gif
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/t6-pheasant.jpg
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/spacer.gif
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/gfp-logoSplitR.gif
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/t7-walleye.jpg
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/gfp-logoSplitL.gif
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/nav-c.gif
Fri Jan 7 11:46:32 CST 2011 tmm tmm[2048] Rule apps_withssl HTTP_REQUEST: User went to http://appsf5.sd.gov/applications/gf82/Images/nav-l.gif
Which shows it is hitting the first log, but does not go into the iRule any further to hit the second log at
"/applications/gf82*" { HTTP::redirect "https://[HTTP::host][HTTP::uri]"
log local0. "Requested http://[HTTP::host][HTTP::uri] and was redirected to https://[HTTP::host][HTTP::uri]" } - Chris_MillerPosted By deni on 01/07/2011 09:45 AM
Should this rule be applied to the https virtual server?
Since all your redirects are from http to https, none of your events would be triggered by HTTPS requests so that wouldn't really do much. - deni_22991Thank you for the explanation on that. I thought that was the answer, but I'm new to the F5 and iRules, so I appreciate everything that I can learn.
- Chris_MillerLet's re-add -glob for a second. So, your rule should look like this:
when HTTP_REQUEST { if { [HTTP::host] equals "appsf5.sd.gov" } { log local0. "User went to http://[HTTP::host][HTTP::uri]" switch -glob [string tolower [HTTP::uri]] { "/applications/dp42launchpad*" { HTTP::redirect "https://[HTTP::host]/applications/dp42launchpad/logon.aspx" log local0. "Requested http://[HTTP::host][HTTP::uri] and was redirected to https://[HTTP::host]/applications/dp42launchpad/logon.aspx" } "/applications/st01fastfile*" { HTTP::redirect "https://[HTTP::host]/applications/st01fastfile/login.asp" log local0. "Requested http://[HTTP::host][HTTP::uri] and was redirected to https://[HTTP::host]/applications/st01fastfile/login.asp" } "/applications/gf79biggame*" { HTTP::redirect "https://[HTTP::host]/applications/gf79biggame/login.asp" log local0. "Requested http://[HTTP::host][HTTP::uri] and was redirected to https://[HTTP::host]/applications/gf79biggame/login.asp" } "/applications/gf82*" { HTTP::redirect "https://[HTTP::host][HTTP::uri]" log local0. "Requested http://[HTTP::host][HTTP::uri] and was redirected to https://[HTTP::host][HTTP::uri]" } } } }
Let me know if the page doesn't load.
