Forum Discussion
Cathi_Hahn_3185
Nimbostratus
NimbostratusRule to redirect http to https
How do I write a rule to redirect someone from the virtual server "stuff" to the virtual server "stuff-ssl"? We need to force users who do not enter the "https://" to go to the SSL site. I don't normally write code and the samples do not seem to work. Is there another way besides an iRule to do a forced redirect?
Any help would be appreciated.
8 Replies
hoolioCirrostratus
A search for "redirect https" leads to this example:when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] }
All requests to the VIP will be redirected to HTTPS. If the original request contains a port in the host header field, it will be removed. So a request to:
http://mysite.com:80/index.php
would be redirected to:
https://mysite.com/index.php
I think this functionality will be built into the GUI using HTTP classes in an upcoming release.
Aaron
Cathi_Hahn_3185I tried that rule, but it did not work. I created the rule and associated it to the appropriate pool, but the outcome did not change. I still need to type https to get to the website.- hoolioHi,
I assume you added it as a resource for the HTTP VIP. You could try adding a log statement to see if the request is making it to the VIP and rule:when HTTP_REQUEST { log local0. "received request from [IP::remote_addr]. Redirecting to https://[getfield [HTTP::host] ":" 1][HTTP::uri]" HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] }
Can you test with Firefox + LiveHTTPheaders and see what requests and responses the client is sending and receiving?
Aaron - dennypayne
Employee
For your application I would thinkwhen HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] }
would be sufficient. I haven't needed to use getfield to get this to work in many implementations.
Denny - FYI: The getfield command splitting hostname on the ":" was included in the codeshare rule to make the rule compatible with http virtuals running on non-standard ports.
If a ":" is present in [HTTP::host] (because a non-standard port is included in the Host header in the inbound request), only the characters preceding it (the actual hostname) are returned.
If no ":" is present in the hostname, the entire string is returned.
/deb - Yoda_34023Hi I just copied and pastes the belowiRule into my device, and it's thrown up errors:
when HTTP_REQUEST {log local0. "received request from" [IP::remote_addr]. Redirecting to https://[getfield [HTTP::host] ":" 1][HTTP::uri]" HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]}
Error Message
01070151:3: Rule [test] error:
line 1: [wrong args] [log local0. "received request from" [IP::remote_addr]. Redirecting to https://[getfield [HTTP::host] ":" 1][HTTP::uri]" HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]]
I'm I doing something wrong? - hoolioI just tested this rule:
when HTTP_REQUEST { log local0. "received request from [IP::remote_addr]. Redirecting to https://[getfield [HTTP::host] ":" 1][HTTP::uri]" HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] }
And verified that I get redirected correctly. Here is the log entry from /shared/log/ltm:
Aug 3 13:22:14 tmm tmm[7333]: Rule http_https_redirect : received request from 192.168.151.88. Redirecting to https://172.29.0.217/
From the error, it looks like there might be an extra double quote in the log statement after the word 'from'. Can you comment out the log statement with a and retest?
Thanks,
Aaron - Yoda_34023Brill that worked cheers.
:D
