For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Cody_Conklin_17's avatar
Cody_Conklin_17
Icon for Nimbostratus rankNimbostratus
Jul 29, 2005

Simple HTTPS redirect

I have an HTTPS Virtual Server that is terminating SSL. I would also like to take the inbound https requests and append a specific webpage to it. For example, if the user sends a request to https://...
application delivery
dev
devops
iRules
Joe_Pruitt's avatar
Joe_Pruitt
Jul 29, 2005
One way to optimize this rule would be to remove the check for the host. If all traffic on the virtual is going through example.mycompany.com, then the first if is overkill. You might say it's just one string compare, but for 1000's of connections it can add up.

when HTTP_REQUEST {
  if { [HTTP::uri] equals "" or [HTTP::uri] equals "/" } {
    HTTP::redirect https://example.mycompany.com/login_page
  }
}

Another alternative to doing two string comparisons would be to do a single string length command and test for a length less than or equal to 1. If there is a uri it is either empty or starting with a slash.

when HTTP_REQUEST {
  if { [ string length [HTTP::uri] ] <= 1 } {
    HTTP::redirect https://example.mycompany.com/login_page
  }
}

If you wanted to dig a little deeper, then you could try using the "string index" command testing for the 3rd character. If it is empty, then you know there is no trailing portion on the uri.

when HTTP_REQUEST {
  if { [ string index [HTTP::uri] 2 ] equals "" } {
    HTTP::redirect https://example.mycompany.com/login_page
  }
}

I'll leave it to unRuleY to check which one is more optimal.

*Note, I haven't tested these so you might want to give each a run through to see which works.

If you are running multiple hosts on this virtual then you might want to leave in the host comparison.

-Joe