For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Antonio_Varni's avatar
Antonio_Varni
Icon for Nimbostratus rankNimbostratus
May 09, 2008

rewrite server redirect back to client to HTTPS _if_ the original client request was also HTTPS

Strange that I need to write an iRule to do this (I'd think this would be a fairly common need) - but I have a webapp that I want to migrate over to SSL using the LTM. While we get our CA certs pushe...
dev
devops
iControl
Colin_Walker_12's avatar
Colin_Walker_12
Historic F5 Account
May 09, 2008
I've seen a few people doing something similar, but that's a pretty clean example. I'd make a couple of small changes, though

 

 

1. You can avoid extra overhead by getting rid of un-needed variables, such as $location, $vip_port and $newlocation.

 

2. You can use the HTTP::host command to carry over the requested hostname and HTTP::uri for the uri, instead of using the substr command.

 

3. By using the appropriate TCP command in the right context, you can skip the HTTP_REQUEST event code all together.

 

 

The updated rule would look like:

 

 

  
  when HTTP_RESPONSE {  
    if { [HTTP::is_redirect] and ([TCP::server_port] == 443) and ([HTTP::header Location] starts_with "http://")} {  
      log local0.info "rewriting ssl server to client Location redirect from [HTTP::header Location] to https://[HTTP::host][HTTP::uri]"  
      HTTP::header replace Location https://[HTTP::host][HTTP::uri]  
    }  
  }

 

 

HTH,

 

Colin