For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

adcounts's avatar
adcounts
Icon for Nimbostratus rankNimbostratus
Nov 11, 2015

Redirects, page unavailable, and Office 365

I am currently facing an interesting issue. I need to perform a redirect but the destination will be based on the response. I need to send site.abccompany.com to https://sso.abccompany.com/adfs/ls?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=MEST%3D0%26LoginOptions%3D1%26wa%3Dwsignin1%252E0%26rpsnv%3D2%26ct%3D1348618157%26rver%3D6%252E1%252E6206%252E0%26wp%3DMBI%26wreply%3Dhttps%253A%252F%252Fabccompany.sharepoint.com%252Fsites%252Fsite but if abccompany.sharepoint.com/sites/site is not available redirect to down.abccompany.com. I have this in 2 different F5s and need to make the second set of F5s just return a Site Down message if abccompany.sharepoint.com/sites/site is unavailable.

 

I thought about trying to do this by monitoring a node but that doesn't give me what I want. The next thought I had was to use an iRule to check abccompany.sharepoint.com/sites/site for a response and redirect site.abccompany.com accordingly.

 

Currently I am just using this iRule to do the redirect but when SharePoint is unreachable it just hangs.

 

START RULE

 

when HTTP_REQUEST {if { [HTTP::host] ends_with "site.abccompany.com" } {HTTP::redirect "https://sso.abccompany.com/adfs/ls?wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=MEST%3D0%26LoginOptions%3D1%26wa%3Dwsignin1%252E0%26rpsnv%3D2%26ct%3D1348618157%26rver%3D6%252E1%252E6206%252E0%26wp%3DMBI%26wreply%3Dhttps%253A%252F%252Fabccompany.sharepoint.com%252Fsites%252Fsite[HTTP::uri]"} else {} }

END RULE

 

availability
BIG-IP Access Policy Manager (APM)
cloud
monitor
security
TMOS

2 Replies

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Nov 12, 2015

    I think you want that user who previously requested a local sharepoint (host site.abccompany.com) must be redirected to ADFS server (sso.abccompany.com) to authenticate before being redirected to office365 sharepoint (abccompany.sharepoint.com)...

     

    The easiest solution is to redirect requests https://site.abccompany.com/* to https://abccompany.sharepoint.com. it will have one more redirect (transparent for client)

     

    to monitor sharepoint availability, you must create a pool with sharepoint members and use the following irule:

     

    when HTTP_REQUEST { switch [HTTP::host] { "site.abccompany.com" { if { [active_members "Sharepoint_pool"] == 0 } { HTTP::redirect "https://down.abccompany.com" return } else { HTTP::redirect "https://abccompany.sharepoint.com[HTTP::uri]" } } "sso.abccompany.com" { pool ADFS_pool } default {} } }

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Nov 12, 2015

    same irule formatted:

    when HTTP_REQUEST {
    switch [HTTP::host] {
        "site.abccompany.com" {
            if { [active_members "Sharepoint_pool"] == 0 } {
                HTTP::redirect "https://down.abccompany.com"
                return
            } else {
                HTTP::redirect "https://abccompany.sharepoint.com[HTTP::uri]"
            }
        }
        "sso.abccompany.com" { pool ADFS_pool }
        default {}
    }
}