For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rodrigo_Benzaqu's avatar
rodrigo_Benzaqu
Icon for Nimbostratus rankNimbostratus
Aug 02, 2007

SSL redirection rule with regular expresion

Hi Guys,

 

 

I need to create a rule to redirect

 

 

/???/morethings to https://???/morethings

 

 

Do you think that is possible ?

 

 

Thanks

 

Rodrigo

 

application delivery
dev
devops
iRules

5 Replies

  • Joe_Pruitt's avatar
    Joe_Pruitt
    Aug 02, 2007
    Sure you can do that. Make sure this iRule is on your HTTP virtual and not your HTTPS virtual or else you'll get into a circular loop.

    when HTTP_REQUEST {
  switch -glob [HTTP::uri] {
    "/*/morethings" {
      HTTP::redirect "https://[HTTP::host][HTTP::uri]"
    }
  }
}

    This will match the following

    http://www.foo.com/onething/morethings

    http://www.foo.com/onething/twothing/morethings

    ...

    It will not match this:

    http://www.foo.com/morethings

    Now, if you just want to make sure that your URI ends with "/morethings" you can do something simple like this:

    when HTTP_REQUEST {
  if { [HTTP::uri] ends_with "/morethings" } {
    HTTP::redirect "https://[HTTP::host][HTTP::uri]"
  }
}

    Hopefully this will get you going in the right direction.

    -Joe
  • rodrigo_Benzaqu's avatar
    rodrigo_Benzaqu
    Icon for Nimbostratus rankNimbostratus
    Aug 02, 2007
    Thanks Joe. But I want to redirect only if :

     

     

    URI STARTS with /???/ where ? match 1 letter so if I have :

     

     

    /abc/xxxxx --> match

     

    /abcd/xxxx ---> doesn´t match

     

    /pirulo --> doesn´t match

     

  • Joe_Pruitt's avatar
    Joe_Pruitt
    Aug 02, 2007
    Just change the match pattern in the switch statement:

    when HTTP_REQUEST {
  switch -glob [HTTP::uri] {
    "/abcd/*" -
    "/efgh/*" -
    "/ijkl/*" {
      HTTP::redirect "https://[HTTP::host][HTTP::uri]"
    }
  }
}

    This will match only on the following

    http://www.foo.com/abcd/*

    http://www.foo.com/efgh/*

    http://www.foo.com/ijkl/*

    It will not match on

    http://www.foo.com/aaaa/abcd/*

    http://www.foo.com/abcd

    http://www.foo.com/abc

    http://www.foo.com/ab

    That's because of the second slash in the match strings. Just modify the match statement using wildcards (*) for any sequence of characters/numbers/symbols/etc.

    -Joe
  • rodrigo_Benzaqu's avatar
    rodrigo_Benzaqu
    Icon for Nimbostratus rankNimbostratus
    Aug 02, 2007
    Joe, Sorry I think I´m not explaining my problem correct.

     

     

    URI STARTS with /???/ where ? match 1 letter (Using regular expresions) so if I have for example :

     

     

    /abc/xxxxx --> match so /[a-z][a-z][a-z]/

     

    3 letters from a to z

     

     

    /abcd/xxxx ---> doesn´t match

     

    /pirulo --> doesn´t match
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Aug 02, 2007
    I think Joe is suggesting using the switch command with strings instead of a regex because it's more resource intensive to use a regex.

    You can use the question mark as a wildcard representing any single character. So this should match what you've described so far, where any request that starts with /, any three characters, another forward slash followed by anything would be redirected to the same host and URI via HTTPS:

    
when HTTP_REQUEST {
  switch -glob [HTTP::uri] {
    /???/* {
      HTTP::redirect "https://[HTTP::host][HTTP::uri]"
    }
  }
}

    You can check the TCL man page on switch (Click here) and string match (Click here) for details on string wildcards.

    Aaron