Standard HTTPs redirect

You might want to compare with HTTP::path instead of HTTP::uri. HTTP::uri contains the query string as well as the path/object, whereas HTTP::path contains only the path/object. Can you try the following:

when HTTP_REQUEST {
   log local0. "client [IP::client_addr] -> [HTTP::host] for uri: [HTTP::uri], path: [HTTP::path]
   if { [HTTP::path] ends_with ".do" } {
      HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
   }
}

Aaron

Thanks for your response Aaron.

 

Above iRule code is also not working. Is it because of version 9.1.2 Build 69.0??. Or am i missing any patch?.

 

Where would i see the log output for the above iRule code??.

 

 

Thanks again,

 

KG

The syslog-ng local0.* facility is sent to /var/log/ltm by default. You can either view the file using the command line (with 'tail -f /var/log/ltm' or less /var/log/ltm), or use the GUI's log section under System | Logs | Local Traffic.

 

 

And this rule should work with any 9.x version, so I don't believe it's an issue with the specific version you are running.

 

 

Aaron

When i take out the 'if' statement from the iRule code you provided, the browser keeps loading forever and not bringing up the next page. Any idea what would be the problem, could not see any useful information in the logs.

 

 

when HTTP_REQUEST {

 

log local0. "client [IP::client_addr] -> [HTTP::host] for uri: [HTTP::uri], path: [HTTP::path]"

 

HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]

 

}

 

 

Thanks

 

KG

Are you applying the redirect rule to the HTTP virtual server? I would have assumed you wanted to redirect the HTTP requests to the same URI, but via HTTPS. It sounds like you may have the rule applied to the HTTPS virtual server.

 

 

Can you post one of the log entries that shows the HTTP::uri output?

 

 

Thanks,

 

Aaron

Aaron, i am sure that iRules is applied to https. Below are the logs entry from GUI,

 

Thu Jul 26 11:34:14 EDT 2007 tmm tmm[729] Rule https_redirect_devCentral : client 150.150.15.1 -> 65.14.130.44 for uri: /breezeWeb/, path: /breezeWeb/

 

Thu Jul 26 11:30:32 EDT 2007 tmm tmm[729] Rule https_redirect_devCentral : client 150.150.15.1 -> 65.14.130.44 for uri: /, path: /

 

Thu Jul 26 11:30:15 EDT 2007 tmm tmm[729] Rule https_redirect_devCentral : client 150.150.15.1 -> 65.14.130.44 for uri: /breezeWeb/, path: /breezeWeb/

 

Thu Jul 26 11:28:02 EDT 2007 tmm tmm[729] Rule https_redirect_devCentral : client 150.150.15.1 -> 65.14.130.44 for uri: /breezeWeb/, path: /breezeWeb

 

I'm not sure what you're overall goal is then. I assumed you wanted to redirect some HTTP requests to the same URI but via HTTPS. If you're applying the iRule to an HTTPS virtual server, the request is already being made over HTTPS. So as expected, you will get a looping redirect.

 

 

Can you clarify what you're trying to accomplish?

 

 

Thanks,

 

Aaron

Sorry i missed "not" (applied to https) in my previous message. Your understanding is correct i want to redirect http request to https for some uri. Even for all http request the redirect is not working: page loads for long time and gives page cannot be displayed message. Thanks!.

If you have the iRule applied only to an HTTP virtual server without the if statement, all requests should be redirected to the same host and URI from the request but to HTTPS. If you were seeing endless looping, it either means you had the same iRule applied to the HTTPS virtual server, you have a single virtual server which is listening on any port, or the application is redirecting https requests to http.

Can you ensure that the rule is only applied to an HTTP virtual server? Can you add a separate rule to log the request/response info after your rule has triggered?

when HTTP_REQUEST priority 501 {
   set request_info "client: [IP::client_addr] -> ([virtual name] - [IP::local_addr]:[TCP::local_port]) [HTTP::host][HTTP::uri]"
}
when HTTP_RESPONSE priority 501 {
   set headers "Headers: "
   foreach aHeader [HTTP::header names] {
      set headers "$headers$aHeader: [HTTP::header value $aHeader] "
   }
   log local0. "Request Info: $request_info; Response Info: status: [HTTP::status]; $headers"
}

You should see a log entry for each request/response pair like this:

Rule test_rule : Request Info: client: 192.168.99.40 -> (test_asm_vip - 192.168.101.41:80) asm_vip/; Response Info: status: 200; Headers: client_info: no_info_received header_to_keep: keep2 header_to_keep: keep2 header_to_delete: delete2 header_to_delete: delete2 header_with_space_in_value: val ue Set-Cookie: persist_cookie=761637056.20480.0000; path=/ Connection: Keep-Alive Content-Length: 83 Set-Cookie: persist_cookie=761637056.20480.0000; path=/

Also, the logs for the requests you posted don't show it, but your app uses a jsessionid in the URI. Therefore, I think the HTTP::path value will be /path/to/file.do;jsessionid=some_string_of_chars and then the query string. You will need to account for this in the parsing if you want to redirect HTTP requests with the jsessionid in the URI to HTTPS. If the length of the jsessionid is always the same, you could use a string command or findstr to logically remove this when determining whether it's a request for a .do file.

Thanks,

Aaron

Aaron,

 

Getting this compilation error while using your iRule code,

 

when HTTP_REQUEST priority 501 {

 

set request_info "client: [IP::client_addr] -> ([virtual name] - [IP::local_addr]:[TCP::local_port]) [HTTP::host][HTTP::uri]"

 

}

 

when HTTP_RESPONSE priority 501 {

 

set headers "Headers: " foreach aHeader [HTTP::header names] { set headers "$headers$aHeader: [HTTP::header value $aHeader] " } log local0. "Request Info: $request_info; Response Info: status: [HTTP::status] $headers"

 

}

 

 

01070151:3: Rule [log_request_response] error:

 

line 5: [wrong args] [set headers "Headers: " foreach aHeader [HTTP::header names] { set headers "$headers$aHeader: [HTTP::header value $aHeader] " } log local0. "Request Info: $request_info; Response Info: status: [HTTP::status] $headers"]

 

 

1. Same iRule is not applied to https virtual server. I have 2 virtual server one for http and one for https, service ports are 80 and 443 respectively.

 

2. Ensured rule is applied only to http virtual server.

 

3. I understand the complication on uri having jsessionid and parsing, that is the reason i want to get all the request redirected to https without the if statement first.

 

 

Thanks

 

KG