For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

nich_66940's avatar
nich_66940
Icon for Nimbostratus rankNimbostratus
Sep 27, 2007

Rewriting 302 redirects

We have come 'intelligent' website code that redirects the user to SSL pages based on what the developer originally thought best.     As we are using SSL offloading on the BigIP this has meant t...
application delivery
dev
devops
iRules
Colin_Walker_12's avatar
Colin_Walker_12
Historic F5 Account
Sep 27, 2007
Nice work! This looks really close, not to mention tricky! You can simplify it a little though.


when HTTP_RESPONSE {
  if { [HTTP::status] == "302" } {
    if { [HTTP::header "Location"] starts_with "http://example.com/secure/" } {
        HTTP::header replace "Location" [string map {http https} [HTTP::header "Location"] ]
    }
  }
}

Of course, it sounds like you're going to have multiple URLs you want to check for in the location header. In this case you'll want to make use of either switch or matchclass, depending on how many you want to check.

That would look something like"


when HTTP_RESPONSE {
  if { [HTTP::status] == "302" } {
    switch -glob [string tolower [HTTP::header "Location"] ] {
      "http://example.com/secure/*" -
      "http://example.com/private/*" -
      "http://example.com/restricted/*" -
      "http://someothersite.com/keepout/*" -
      "http://reallyprivatestuff.com/shouldbeencrypted/*" -
      default {
        HTTP::header replace "Location" [string map {http https} [HTTP::header "Location"] ]
      }
    }
  }
}

HTH,

Colin