Forum Discussion
cin_75063
Nimbostratus
NimbostratusRedirecting HTTP to HTTPS except certain URLs
Hi
I want to redirect all HTTP request to HTTPS except certain URIs("/abc/0001, /abc/0002, .... /abc/000n").
I'm very new to iRule, so I'd appreciate it if someone could review my script.
////////////////////////////////////////////////////////////////
class redirect_group {
"abc"
}
when HTTP_REQUEST {
set uri [findstr [HTTP::uri] "" 1 "/"]
if {not([matchclass $::redirect_group equals $uri])} {
redirect to "https://[HTTP::host][HTTP::uri]"
}
}
////////////////////////////////////////////////////////////////
Thank you in advance.
hoolioCirrostratus
Hello,
That looks like a good start. Can you provide a few more example URIs that you don't want to redirect? Is there anything after /abc/000n?
It looks like you want to take the first directory in the path and check it against a datagroup containing strings. Do you also want to check the second directory to see if it's numeric or four digits or something else?
Also, in 9.x/10.x you can use HTTP::redirect instead of "redirect to".
Aaron
cin_75063Thank you, Aaron
You are right. I don't want to redirect URIs whose first directory is "abc".
I don't need to check the second directory.
These are some examples which I want to exclude from redirection.
1. /abc/sample.html
2. /abc/0001
3. /abc/0001/sample.htmlAlso, in 9.x/10.x you can use HTTP::redirect instead of "redirect to".
You mean I can replace "redirect to xxxxxxx" with the line like "HTTP::redirect https://[HTTP::host][HTTP::uri]"?- hoolioIs /abc/ static (ie, always the same)? Or are there multiple values for the first directory that you don't want to redirect for?
And yes, you can use HTTP::redirect "https://..." now for the redirect.
Thanks,
Aaron - cin_75063Hello, Aron
I'm sorry for my poor explanation.
/abc/ is static. But it is possible there will be more than one in the furture.
In that case, I think I will add the value to the class "redirect_group" like this;
class redirect_group {
"abc"
"xyz"
}
/xyz/ is another first directory that I don't want to redirect.
Is my understanding right?
Or is there more efficient logic? - hoolioThat makes sense. If you define the datagroup as /abc/, /xyz/, then you can make the iRule simpler:
when HTTP_REQUEST { if {not [matchclass [HTTP::uri] starts_with $::redirect_group]}{ Redirect to https HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }
If the web app is not case sensitive, you could enter the class members in lower case and then set the URI to lower case by replacing [HTTP::uri] in matchclass with [string tolower [HTTP::uri]].
Aaron - cin_75063Thank you, Aaron
Your iRule looks simpler and cooler!
I will try it on my machine. - hoolioGood. Let me know if you see any issues.
Aaron