For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Matt_H_58911's avatar
Matt_H_58911
Icon for Nimbostratus rankNimbostratus
Feb 16, 2009

To "/" or not to "/"

Hey all,

 

 

I have a weird one. I have a quick iRule that looks for a string and depending on the string forwards my request to a pool

 

 

when HTTP_REQUEST {

 

switch -glob [string tolower [HTTP::path]] {

 

"/keysadmin*" -

 

"/uninstall*" -

 

"/link*" {

 

pool App_pool

 

log local0. "HTTPS App Pool chosen."

 

}

 

default {

 

pool Web_Deck_pool

 

log local0. "HTTPS Web Deck Pool chosen."

 

}

 

}

 

log local0. "[HTTP::uri]"

 

}

 

 

For the above iRule if I go to:

 

 

https://www.domain.com/keyad/ I get the expected page

 

 

if I go to https://www.domain.com/keyad I am redirected to a 404. Can I have the above iRule add the / for me so it works?
application delivery
dev
devops
iRules

6 Replies

  • Matt_H_58911's avatar
    Matt_H_58911
    Icon for Nimbostratus rankNimbostratus
    Feb 16, 2009
    ooops..

     

     

    Just to clerify my links should be:

     

     

    https://www.domain.com/keyadmin/ I get the expected page

     

     

    if I go to https://www.domain.com/keyadmin I am redirected to a 404. Can I have the above iRule add the / for me so it works?
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 16, 2009
    You could try, but it's hard to guess from an iRule which requests are files which should be left alone and which are directories which should end in a forward slash.

     

     

    Why isn't the application redirecting the client to the correct location? Or is the app trying to? If you use a browser plugin like HttpFox for FF or Fiddler for IE, what do you see in the request/response headers leading up to the 404?

     

     

    Aaron
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 16, 2009
    Are you redirected to http://www.domain.com/keyadmin/ and then get a 404? If so, you can enable rewrite redirects on a custom HTTP profile and add that to your HTTPS VIP to fix this. Try searching on AskF5.com or in the forums here for "rewrite redirects" for details.

     

     

    Aaron
  • Matt_H_58911's avatar
    Matt_H_58911
    Icon for Nimbostratus rankNimbostratus
    Feb 16, 2009
    Yes I am redirected to http://www.domain.com/keysadmin/

     

     

    I found out the backend servers are IIS. So this "/" can be added per the IIS config. I am worried the HTTP rewrite will affect the other hits.
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 16, 2009
    If you specify All or Matching for rewrite redirects, LTM won't modify the URI--it will rewrite the protocol from http to https in the Location header. So the IIS servers will send a redirect to http://www.domain.com/keysadmin/ and LTM will rewrite it to https://www.domain.com/keysadmin/.

     

     

    You can get more information on this in SOL6912.

     

     

    SOL6912: Configuring an HTTP profile to rewrite URLs so that redirects from an HTTP server specify the HTTPS protocol (Click here)

     

     

    Aaron
  • Matt_H_58911's avatar
    Matt_H_58911
    Icon for Nimbostratus rankNimbostratus
    Feb 16, 2009
    Hey guys.... Thanks! I have created an http profile and enabled the Redirect Rewrite to "Matching" and that did what I needed.