Forum Discussion

Abe_11636's avatar
Abe_11636
Icon for Cirrus rankCirrus
Sep 14, 2011

simple irule not forwarding

this is my irule: (for a vip on 443)

 

 

when HTTP_REQUEST {

 

if { [HTTP::host] eq "http://aira.coxnet.cox.net"} {

 

HTTP::redirect "https://aira.coxnet.cox.net/airnetProp[HTTP::uri]"

 

}

 

}

 

 

 

 

It doesnt get forwarded; if I type in the url it goes in fine

 

The irule order is the last 1

 

 

 

member: Windows server with IIS ( it would easy to do a url forward from iis

 

 

 

Thanks for any advise

 

Joe

 

application delivery
dev
devops
iRules

5 Replies

Sort By
  • Peter_72728's avatar
    Peter_72728
    Icon for Nimbostratus rankNimbostratus
    Sep 14, 2011
    HTTP::host only only contains the host (e.g. aira.coxnet.cox.net) not the protocol. So, the expression in your conditional will always evaluate to false.

     

     

    Incorrect:

     

    if { [HTTP::host] eq "http://aira.coxnet.cox.net"} {

     

     

    Better?:

     

    if { [HTTP::host] eq "aira.coxnet.cox.net"} {

     

  • richard_77048's avatar
    richard_77048
    Icon for Nimbostratus rankNimbostratus
    Sep 14, 2011
    I see two things with your rule.

    First, is that [HTTP::host] is never going to be a full URL. The host portion of the request would be "aira.coxnet.cox.net". Your rule will never match an HTTP host because you will never get one that looks like the one in your rule.

    Second, you say this is rule is on an HTTPS vip. Any requests going to this vip are going to be of the form, "https://aira.coxnet.cox.net/???". It looks like what you are trying to do is redirect HTTP requests to HTTPS. If you want all traffic to go over HTTPS, you could configure a vip listening on port 80 and add a rule that redirects all requests to HTTPS. It might look something like this: 

    
when HTTP_REQUEST {
  HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}

    You could always check the HTTP host on that if you wanted which would make it look like this: 

     
when HTTP_REQUEST {
  if {[HTTP::host] equals "aira.coxnet.cox.net" } {
    HTTP::redirect "https://[HTTP::host][HTTP::uri]"
  }
}

    Richard
  • richard_77048's avatar
    richard_77048
    Icon for Nimbostratus rankNimbostratus
    Sep 14, 2011
    Crap. I had two examples there but one of them got lost...

     

    The first one was the blanket redirect all traffic to HTTPS:

     

    when HTTP_REQUEST {

     

    HTTP::redirect "https://[HTTP::host][HTTP::uri]"

     

    }

     

     

    The modification to it was the addition of the HTTP host check:

     

    when HTTP_REQUEST {

     

    if {[HTTP::host] equals "aira.coxnet.cox.net" } {

     

    HTTP::redirect "https://[HTTP::host][HTTP::uri]"

     

    }

     

    }

     

     

    Richard
  • Peter_72728's avatar
    Peter_72728
    Icon for Nimbostratus rankNimbostratus
    Sep 14, 2011
    It looks like you are also trying to force SSL. So, you need to also check the protocol:

     

     

    if {[TCP::local_port] equals "80"} {...

     

     

    or maybe...

     

     

    if {[HTTP::host] eq "http://aira.coxnet.cox.net" and [TCP::local_port] equals "80"} {...
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Sep 15, 2011
    pls feel free to revise. 

    [root@orchid:Active] config  b virtual bar443 list
virtual bar443 {
   snat automap
   destination 172.28.17.88:https
   ip protocol tcp
   rules myrule
   profiles
      clientssl
      http
      tcp
}
[root@orchid:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
     if {[string tolower [HTTP::host]] equals "aira.coxnet.cox.net"} {
          HTTP::redirect "https://aira.coxnet.cox.net/airnetProp[HTTP::uri]"
     }
}
}

[root@orchid:Active] config  curl -Ik https://aira.coxnet.cox.net/test123
HTTP/1.0 302 Found
Location: https://aira.coxnet.cox.net/airnetProp/test123
Server: BigIP
Connection: Keep-Alive
Content-Length: 0