Forum Discussion

BrianG_11931's avatar
BrianG_11931
Icon for Nimbostratus rankNimbostratus
Jan 24, 2014

SharePoint Redirect To New Path Using Public Name

Hello,

 

I'm trying to use the following code to redirect public traffic over a secure link (https://) to a SharePoint 2013 server that's listening on port "33230" at "/sites/BI/". I did this before with a SharePoint 2010 server listening on port "80" at "/" without a problem, but this time I'm just getting text from the site in one long column instead of text on top of graphics with the proper formatting (Browsers don't make a difference and I have the same problem with-in the company unless I access the server with the server name in the URL with-in our company and then it looks fine). Firewall has port 80 and 443 open to accept incoming connections to the Virtual IP. Here's the iRule:

 

    "dashboards.domain.com" {
            switch [TCP::local_port] {
                80 { HTTP::redirect "https://[HTTP::host]/sites/BI/" }
                443 {
                     if { [HTTP::uri] != "/sites/BI/" } {
                          HTTP::redirect "https://[HTTP::host]/sites/BI/"
             }
                     pool SharePoint_Dashboards_pool
                }
             }
     }

I have the following SharePoint Alternate Access Mappings setup in this order:

 

http://SERVER[Default]http://SERVER

 

http://SERVER:33230[Default]http://SERVER:33230

 

https://dashboards.domain.com:33230[Internet]https://dashboards.domain.com:33230

 

http://dashboards.domain.com:33230[Internet]https://dashboards.domain.com:33230

 

Thanks, Brian

 

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    Hi Brian, I'm a bit confused. The SharePoint web app is listening on port 33230, but I don't see port 33230 in your switch statement or redirect location.

    I'm not sure that if statements nested inside switch statements work very well. Also, it's true that HTTP::uri will change the URI before it's sent to the server, but the browser doesn't get informed of that, which can cause issues. You could use HTTP::respond in this way to accomplish the same:

    when HTTP_REQUEST  {
        if { [string tolower [HTTP::host]] contains "dashboards.domain.com" && [HTTP::uri] equals "/" }  {
            HTTP::respond 302 Location "https://dashboards.domain.com:33230/sites/BI"
        }
    }
    

    I'm curious about what happens when you point dashboards.domain.com at one of your server IPs, rather than the virtual server. Same result?

    Mike

    • BrianG_11931's avatar
      BrianG_11931
      Icon for Nimbostratus rankNimbostratus
      Thanks. I have the pool member listening on port 33230. Could I accept connections on BIG-IP at port 443 and then pass them on to 33230 without having port 33230 part of the URL? Oddly I had it working without the port as part of the URL, but the graphics never appeared in the browser! I actually have some nested switching setup now as I want to handle connections on port 80 and redirect to https:// with the URI, but connections can also come in to port 443 without the URI and I redirect to https:// with the URI. Can I use this without specifying port 33230? Here's the code: when HTTP_REQUEST { switch -glob [getfield [HTTP::host] ":" 2] { "80" { HTTP::redirect "https://[HTTP::host]/sites/BI/" } "443" { switch -glob [string tolower [HTTP::uri]] { "/sites/bi/" { pool SharePoint_Dashboards_pool } "/" { HTTP::redirect "https://[HTTP::host]/sites/BI/" } } } } } Finally, what's the difference performance-wise and behind-the-scenes using "HTTP::redirect" vs "HTTP::respond 301" or "HTTP::respond 302". I thought about using one of the later two instead, but "HTTP::redirect" seems to be working fine. And is there a case where "HTTP::redirect" is preferred-to-be-used? Is "HTTP::redirect" only meant for switching between "http://" and "https://" and the like protocols? Because that's how I first learned to use it in class.
    • BrianG_11931's avatar
      BrianG_11931
      Icon for Nimbostratus rankNimbostratus
      Oh, and do you also know if there's a sway to switch based on protocol (i.e. http:// or https://) instead of port? I researched this yesterday, but I didn't find anything.
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    The port number is usually not going to be included in HTTP::host for 80/443 requests. And, if this virtual server is using a client SSL profile, then your redirect based on the port 80 case will never get triggered.

     

    You'll need to create a virtual server at port 80 using the same IP address, and apply the _sys_https_redirect iRule to it. That will redirect all http:// unencrypted connections to your SSL virtual server, which should have something similar to the rule I posted above attached to it.

     

    IIRC, HTTP::redirect is basically the same as "HTTP::respond 302 Location: ". HTTP::respond gives you more control if you want to include other headers, cookies, etc with your response.

     

    I am not sure that using the custom port number for your pool members will work, because SharePoint is expecting a certain URL scheme for requests to a particular zone. Ports 443 and 33230 would need to have their own zones in Alternate Access Mappings. I have never tried that...you may want to experiment a bit with that.

     

    • BrianG_11931's avatar
      BrianG_11931
      Icon for Nimbostratus rankNimbostratus
      I actually have 1 iRule used in both a VS @ port 80 and VS @ port 443. I'm using code with-in my iRule to redirect instead of "_sys_https_redirect" because I use some other code in the iRule which is not relevant to this issue. Good point about port not being included for 80/443 requests. I updated my code to switch on "[TCP::local_port]" instead. I played around with the Alternate Access Mappings (AAM) and I could setup the server for traffic coming in from 443 (to port 33230) and I see the URL that I want in the browser finally (https://dashboards.domain.com/sites/BI/_layouts...), but I get the error message "Sorry, something went wrong. An unexpected error has occurred". My account has access to the site, so that shouldn't be an issue.
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account

    Thinking more about it, in AAMs you should be able to set your public URL to https://dashboards.domain.com, and add an internal URL for https://dashboards.domain.com:33230. That's essentially what we do when SSL offloading.