Forum Discussion
Greg_Harris_111
Nimbostratus
NimbostratusRedirect to HTTPS with no HTTP site
I see in the forums that redirect has been covered a lot. But here is my issue: can I force a client coming in to BIG-IP with http://www.domain.com to https://www.domain.com without have an http vip listening? All our servers are https and we currently have to make one additional vip at port 80 for the iRule to work, thus doubling the number of virtual servers. Am I missing something?
Thanks in advance,
Greg
- no, you're not missing anything. That is the approach you'll need to take.
/deb - Deb's right on this one. You have to have something listening on port 80 to receive the HTTP traffic, and respond to the client, telling it to re-negotiate on port 443 at the appropriate address.
-Colin - You could make a wildcard virtual on port 80 and have the iRule generically redirect to the same virtual on https:
virtual generic_http { destination 0.0.0.0:80 mask 0.0.0.0 ip protocol tcp profile tcp http rule generic_redirect } rule generic_redirect { when HTTP_REQUEST { if { [HTTP::header exists host] } HTTP::redirect https://[HTTP::host][HTTP::uri] } else { HTTP::redirect https://[IP::local_addr][HTTP::uri] } } }
This would allow you to only make the one virtual and rule that generically redirects all http traffic to your https virtuals. - JRahm
Admin
To expand on Colin's response, you have the option of setting up a wildcard virtual server that listens on all ports, then use iRules to pick up the ones you are interested in. Here's some sample code to get you started.rule http_redirect { when CLIENT_ACCEPTED { if { [TCP::local_port] == 443 } { set serverport https } elseif { [TCP::local_port] == 80 } { set serverport http } else { discard } } when HTTP_REQUEST { if { [TCP::local_port] == 80 } { redirect https://[HTTP::host][HTTP::uri] } }
