For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kg_50758's avatar
kg_50758
Icon for Nimbostratus rankNimbostratus
Jul 25, 2007

Standard HTTPs redirect

I am new to iRules, when i tried the standard https redirect if the url ends with '.do, could not get it to working. iRules i used is as below     when HTTP_REQUEST {   if { [HTTP::uri]...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jul 26, 2007
If you have the iRule applied only to an HTTP virtual server without the if statement, all requests should be redirected to the same host and URI from the request but to HTTPS. If you were seeing endless looping, it either means you had the same iRule applied to the HTTPS virtual server, you have a single virtual server which is listening on any port, or the application is redirecting https requests to http.

Can you ensure that the rule is only applied to an HTTP virtual server? Can you add a separate rule to log the request/response info after your rule has triggered?


when HTTP_REQUEST priority 501 {
   set request_info "client: [IP::client_addr] -> ([virtual name] - [IP::local_addr]:[TCP::local_port]) [HTTP::host][HTTP::uri]"
}
when HTTP_RESPONSE priority 501 {
   set headers "Headers: "
   foreach aHeader [HTTP::header names] {
      set headers "$headers$aHeader: [HTTP::header value $aHeader] "
   }
   log local0. "Request Info: $request_info; Response Info: status: [HTTP::status]; $headers"
}

You should see a log entry for each request/response pair like this:

Rule test_rule : Request Info: client: 192.168.99.40 -> (test_asm_vip - 192.168.101.41:80) asm_vip/; Response Info: status: 200; Headers: client_info: no_info_received header_to_keep: keep2 header_to_keep: keep2 header_to_delete: delete2 header_to_delete: delete2 header_with_space_in_value: val ue Set-Cookie: persist_cookie=761637056.20480.0000; path=/ Connection: Keep-Alive Content-Length: 83 Set-Cookie: persist_cookie=761637056.20480.0000; path=/

Also, the logs for the requests you posted don't show it, but your app uses a jsessionid in the URI. Therefore, I think the HTTP::path value will be /path/to/file.do;jsessionid=some_string_of_chars and then the query string. You will need to account for this in the parsing if you want to redirect HTTP requests with the jsessionid in the URI to HTTPS. If the length of the jsessionid is always the same, you could use a string command or findstr to logically remove this when determining whether it's a request for a .do file.

Thanks,

Aaron