Forum Discussion
NimbostratusRedirection of the URL based on Source Segment
Hi,
I have two Virtual-Servers named and having same VIP 10.20.20.20.
Both have respective pools named member 10.1.1.1:80) and member 10.1.1.1:443 )
DNS entry URL name lets say: www.test.com
Now requirement is :
1.When Internal users from ( Private segment Class A, CLASS B and CLASS C ) browse http://www.test.com it should redirect to pool: and should not redirect to https://www.test.com
2.While Internet users from ( Any other IP segment apart from CLASS A, CLASS B AND CLASS C ) browse http://www.test.com it should redirect to pool: and should redirect to https://www.test.com
Thanks and Regards PZ
3 Replies
Scott_HopkinsYou should be able to do an iRule for that pretty straight forward.
Default pool for each VS should be it's matching pool. (HTTPS->HTTPS, HTTP->HTTP).
A simple lookup like this will redirect anything that doesn't existing in a data group (defined as an 'address' type) to the internet encrypted side.
when HTTP_REQUEST { if { ! [class match [IP::client_addr] equals internal_subnets] } { HTTP::redirect "https://www.test.com[HTTP::uri]" } }
Parveez_70209Hi Scott,
Ok so you are saying to apply the default pool(HTTP as well as HTTPS) into the respective HTTP and HTTPS VS plus call the above Irule into Only HTTP VS ?
If I am not wrong , this '!' means not equal too correct ? This will work for other segments except the Internal_subnets IP, but don't you think it may drop the packets matching only Internal_segments ?
Kindly guide me as I need to apply the same into prod environment.
Incase the HTTP:uri part dont work, how can we format/edit the below as an alternative to fit my requirement keeping only http:host part
when HTTP_REQUEST { set host [HTTP::host] HTTP::respond 302 Location "https://$host/" }
Thanks and Regards PZ
- Scott_Hopkins
You'll need two iRules like the one above, one for external (on the HTTP virtual server) and one for internal (on the HTTPS vs).
logic goes like this (for the HTTP vs):
if not client_ip in internal_subnets datagroup, redirect to the HTTPS host(* see note below) otherwise, fall through to the default pool for the virtual server (implied) This could be explicitly stated like this:
when HTTP_REQUEST { HTTP if { ! [class match [IP::client_addr] equals internal_subnets] } { HTTP::redirect "https://www.test.com[HTTP::uri]" } else { pool www.test.com-pool-HTTP } }logic goes like this (for the HTTPS vs):
if client_ip in internal_subnets datagroup, redirect to the HTTP host(* see note below) otherwise, fall through to the default pool for the virtual server (implied) This could be explicitly stated like this:
when HTTP_REQUEST { HTTPS if { [class match [IP::client_addr] equals internal_subnets] } { HTTP::redirect "http://www.test.com[HTTP::uri]" } else { pool www.test.com-pool-HTTPS } }(*) I usually use [HTTP::uri] paired with the redirect command to make sure that I do a redirect with the full path they already have. you could write a full HTTP::respond yourself, but I find the HTTP::redirect easier 🙂
