For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vishal_96707's avatar
Vishal_96707
Icon for Nimbostratus rankNimbostratus
Feb 19, 2008

Selective HTTPS redirection

I am having following requirement in which the servers in the pool should talk to the virtual server using HTTP only while all other users should redirect to HTTPS. The requirement for servers tal...
application delivery
dev
devops
iRules
Nicolas_Menant's avatar
Nicolas_Menant
Icon for Employee rankEmployee
Feb 19, 2008
Hi,

 

 

Yes it will go to the HTTP_REQUEST anyway.

 

 

What happens is:

 

 

Your CLIENT_ACCEPTED event will say: when you'll forward the request hide the Source IP with this one.

 

 

Then your HTTP_REQUEST will be trigger and it will redirect the user to HTTPS. In this case you didn't forward anything since you just send a redirect to the user so the snat request won't be effective and used.

 

 

With both iRules, anyone talking through HTTP should be redirected through HTTPS.

 

 

If you want not to redirect the servers you should merge everything in the HTTP_REQUEST to obtain something like this :

 

 

when HTTP_REQUEST {

 

if { [matchclass [IP::client_addr] equals $::fmw_nodes]} {

 

snat 192.168.253.250

 

} else {

 

if{ [TCP::local_port] == 80} } {

 

HTTP::redirect https://[HTTP::host][HTTP::uri]

 

}

 

}

 

}

 

 

N.