Forum Discussion
rprague_79440
Nimbostratus
NimbostratusRedirecting https traffic to an https subdomain?
Quick disclaimer, while I know what iRules do, I haven't bothered implementing any, because we haven't really needed to, but laws make things complicated, so we're looking for a way to reroute traffic from a main URL to specific subdomains (based on country)
I work for a health and wellness company that does HRA (health risk analysis) for a variety of corporations and governments around the world. Recent law changes in two of the countries we do business in require that all health information remain on servers in their respective countries. Our sales director is concerned about fracturing our customers among many different URLs because of potential customer confusion, so ...
All of our incoming traffic right now goes to:
https://www.domain.com/customername/portal or https://www.domain.com/customername/admin
What I'd like to do is for specific values of redirect them to:
https://subdomain.domain.com/customername/portal or admin.
Right now we have around 1400 distinct customer URLs, and of these 240 need to be redirected to their proper datacenters. I've seen a lot written on redirecting http to https and the like, but nothing about redirecting an https request. Are there problems doing this because of the nature of https sessions? Is something like this possible at all?
A lot of our customers currently use the standard URL and it would be difficult from a sales and customer satisfaction perspective to ask them to change the URL they go to (there's a lot of printed material with the main URL on it for various customers who resell our services).
Any help would be appreciated!
nitassEmployee
Are there problems doing this because of the nature of https sessions? Is something like this possible at all?yes, it is possible.
e.g.
[root@ve1023:Active] config b virtual bar list
virtual bar {
destination 172.28.19.79:443
ip protocol 6
rules myrule
profiles {
clientssl {
clientside
}
http {}
tcp {}
}
}
[root@ve1023:Active] config b class name_dg list
class name_dg {
"coffeebean" { "sg" }
}
[root@ve1023:Active] config b rule myrule list
rule myrule {
when HTTP_REQUEST {
set host [string tolower [HTTP::host]]
if {$host starts_with "www."} {
set cust [getfield [HTTP::uri] "/" 2]
if {[class match -- $cust equals name_dg]} {
HTTP::redirect " map "www [class match -value $cust equals name_dg]" $host][HTTP::uri]"
}
}
}
}
[root@ve1023:Active] config curl -Ik https://www.domain.com/coffeebean/portal
HTTP/1.0 302 Found
Location: https://sg.domain.com/coffeebean/portal
Server: BigIP
Connection: Keep-Alive
Content-Length: 0[root@ve1023:Active] config curl -Ik https://www.domain.com/coffeebean/admin
HTTP/1.0 302 Found
Location: https://sg.domain.com/coffeebean/admin
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
rprague_79440First, thank you for the reply, I think I've got this down, but there are a couple of questions I have.
first, we don't use www.domain.com, its just domain.com, so is there any problem with creating this iRule:
rule myrule {
when HTTP_REQUEST {
set host [string tolower [HTTP::host]]
set cust [getfield [HTTP::uri] "/" 2]
if {[class match -- $cust equals name_dg]} {
HTTP::redirect "https://[class match -value $cust equals name_dr] $host[HTTP::uri]"
}
}
}
What is should do is change https://domain.com/customer/admin to https://sub.domain.com/customer/admin if I have that worded right.
I can't actually test it, because I can't figure out how to create the "name_dg" class you showed in your reply. If you have any pointers on doing that, I'd appreciate it. I'll keep digging through the knowledge base in the meantime.- rprague_79440I'm currently running the following version:
Version BIG-IP 9.3.1 Build 37.1
If that changes how this needs to be configured.edit: Looks like the class command was implemented in 10.x, so this may not work for me as written, no?
hooleylistCirrostratus
Hi rprague,
For 9.3 you can use findclass for the data group lookup.
http://devcentral.f5.com/wiki/iRules.findclass.ashx
Aaron- rprague_79440Thank you Aaron, I'll start looking at that right now.
- rprague_79440After reading up on it, I think this is right:
class name_dr { "drtest dr" } when HTTP_REQUEST { set cust [getfield [HTTP::uri] "/" 2] set drRedir [findclass $cust $::name_dr " "] if {$drRedir != ""}{ HTTP::redirect "https://dr.domain.com/[HTTP::uri]" } }
Going to try to test it Wednesday (taking tomorrow off). If anyone has any pointers, that'd be great 🙂
Thanks for the help!
Ron - hooleylistHi Ron,
That looks good. You could change != to ne as you're doing a string comparison. You should also remove the / before [HTTP::uri] in the redirect as the URI should already start with a forward slash.
Aaron - rprague_79440Couldn't sleep, decided to test it, worked great other than I had to remove the trailing / in the domain.com redirect.
Thanks for all the help.