For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

george_burtz_31's avatar
george_burtz_31
Icon for Nimbostratus rankNimbostratus
Feb 02, 2005

requiring client SSL based on URI

Question about writing an iRule for v 903.     Our developers have created a web app that is listed as www.domain.com/folder. When you hit that site, IIS does a redirect to www.domain.com/...
application delivery
dev
devops
iRules
rapmaster_c_127's avatar
rapmaster_c_127
Historic F5 Account
Feb 04, 2005
Have you tried setting up two virtual servers, one on port 80 using profile http, and tcp, and the other using profile http, clientssl and tcp and using a rule?

Something like 

  
  virtual http-www.example.com {  
      destination 192.168.1.1:80  
      ip protocol tcp  
      profile http tcp oneconnect 
      pool non-secure  
      rule redir  
  }  
    
  virtual https-www.example.com {  
      destination 192.168.1.1:443  
      ip protocol tcp  
      profile myclientssl tcp  
      pool secure  
  }  
    
  rule redir {  
      when HTTP_REQUEST {  
          if {[HTTP::uri] starts_with "/folder"} {  
              HTTP::redirect "https://www.example.com/secure-folder"  
          }  
      }  
  }

This should work ok based on what you've described. What are the failure symptoms you're seeing?

Also, quick thing to check: are you sure that /secure-folder URI shouldn't be /secure-folder/ ? If the back end server issues a 3xx redirect, it's likely sending your client to an http://node url again. If that's the case, you can easily solve this by associating your ssl virtual with a new http profile and enabling the 

redirect rewrite matching

parameter on it.