Forum Discussion
ppphatak_127926
Nimbostratus
Nimbostratussubstr doesnt work as expected
This is simple rule I wrote. I have a virtual server on port 80 and a proxy for 443, both pointing to this rule.
I was expecting when url is https, it would go to yahoo and when its not https, it would take me to msn.
Problem : In both cases it takes me to msn. First two lines of rules doesnt work at all.
What could be wrong?
if (substr(http_host, 1, 5) == "https") {
redirect to "www.yahoo.com"
}
else {
redirect to "www.msn.com"
}
2 Replies
- There is nothing wrong with your script. The http_host contains the FQDN portion of the URL. Since it contains only the FQDN, it will never match your string compares to the protocol.
Per the 4.6.2 documentation:
The http_host variable specifies the value in the Host: header of the HTTP request. It indicates the actual FQDN that the client requested. Possible values are a FQDN or a host IP address in dot notation.
So, a uri splits out like this:
http://{http_host}{http_uri}
Unfortunately, I don't see a simple way to pick out the protocol portion of the whole URL from within iRules. I'll ask around with the other rules folks here on the 4.x team to see if they have another workaround but at this point I believe that you'll have to have a separate rule for your http and https VIPs. - I don't think so as the full URI is not part of the HTTP header or payload. But, after talking with some folks (thanks uRuleY), I realized that you could use the server_port to distinguish whether it's an ssl connection or not. You could do something like the following
if (server_port == 443) { redirect to "www.yahoo.com" } else { redirect to "www.msn.com" }
That is assuming that you are using standard https ports which it looks like from your URLs.
Keep in mind that this isn't guaranteed to work if the user does something like
http://vip:443
But that probably wouldn't work anyway if you have your vip expecting SSL traffic.
-Joe
