Forum Discussion
Nimbostratusuri redirect irule help
Hello.
I have a couple VIPS in place that I am testing with trying to get it working.
BIG-IP Version 10.2.2 969.0
Hotfix HF4 Edition
virtuals:
virtual test_80 {
destination 10.88.14.29:http
ip protocol tcp
rules HTTPSRedirect
profiles {
http {}
oneconnect {}
tcp {}
}
}
b virtual test_443 {
pool qa
destination 10.88.14.29:https
ip protocol tcp
rules test_8080
profiles {
https_rewrite {}
oneconnect {}
qa.selfcert {
clientside
}
tcp-lan-optimized{}
}
}
simple HTTP-HTTPS redirect on the VS_80
rule HTTPSRedirect {
when HTTP_REQUEST {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
}
rule test_8080 {
when HTTP_REQUEST {
if {[HTTP::uri] equals "/"} {
HTTP::uri "/snoop"
}
HTTP::header replace Host "[HTTP::host]:8080"
}
}
as it stands the above VS/irules are working as expected.
if you hit http://qa.domain.com you get redirected to https://qa.domain.com - no issue
when you get https://qa.domain.com you also get directed to https://qa.domain.com:8080/snoop - no issue
now basically we want:
to keep the :8080/snoop header replacement
so that https://qa.domain.com/snoop replaces with https://qa.domain.com:8080/snoop
but if request is https://qa.domain.com you get directed to https://qa.domain.com/something/homepage
I started by modifying the test_8080 rule with:
when HTTP_REQUEST {
if {[HTTP::uri] equals "/snoop"} {
HTTP::uri "/snoop"
}
HTTP::header replace Host "[HTTP::host]:8080"
if {{HTTP::uri} equals "/"} {
HTTP::redirect "something/homepage"
}}
although the /snoop function still works, the https://qa.domain.com doesn't get redirected to https://qa.domain.com/something/homepage.
any help is appreciated.
10 Replies
Michael_YatesHi Jace,
You shouldn't have to worry about the ":8080". Virtual Servers provide Port Translation by default so you can configure the Virtual Servers to listen on 80/443 and run the application on any port you want in the background.
Try a logging statent to the LTM Log to see what is going on (or use something like HTTPWatch). Something after the redirect like:
log local0. "Redirect Path: [HTTP::host][HTTP::uri]"
It also looks like your redriect is missing a "/". Try changing it to: HTTP::redirect "/something/homepage"
Hope this helps.- Jace_45978
guess i should also mention that the pool is :
pool qa {
monitor all URL_health_response
members {
10.88.5.30:webcache {}
10.88.5.31:webcache {}
}
} - Jace_45978
verified the extra / in the irule and still no worky
when HTTP_REQUEST {
if {[HTTP::uri] equals "/snoop"} {
HTTP::uri "/snoop"
}
HTTP::header replace Host "[HTTP::host]:8080"
if {{HTTP::uri} equals "/"} {
HTTP::redirect "/something/home"
log local0. "Redirect Path: [HTTP::host][HTTP::uri]"
}}doesn't appear to be logging to /var/log/ltm either.
currently the https://qa.domain.com sends to default webserver "ibm" page :) trying to get my httpwatch going.
- if {{HTTP::uri} equals "/"} { should be if {[HTTP::uri] equals "/"} { - Curlies vs Square brackets. That will definitely change how things parse, unless that was a typo going from your BIG-IP to here?
Colin - Jace_45978
corrected irule still not getting redirected:
when HTTP_REQUEST {
if {[HTTP::uri] equals "/snoop"} {
HTTP::uri "/snoop"
}
HTTP::header replace Host "[HTTP::host]:8080"
if {[HTTP::uri] equals "/"} {
HTTP::redirect "https://qa.domain.com/something/home"
}}even added the qa.domain.com into redirect and tried HTTP::redirect "/something/home"
still not getting the "/something/home" page but get default IBM websphere page
/snoop still works
- Michael_YatesYou should remove this line from the iRule: HTTP::header replace Host "[HTTP::host]:8080"
It should then start to behave properly.
You should not need to alter anything, the BIG-IP should do port translation for you from your 80/443 Virtual Servers to the Port Number on the Server(s) in the Pool. - nitass
Employee
i think you may try http analyzer tool or tcpdump/ssldump to see what is going on.
HttpFox (http analyzer tool)
https://addons.mozilla.org/en-us/firefox/addon/httpfox/
for tcpdump, you can run on interface 0.0 and filter by using vip and pool member ip and port
tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap '(host 10.88.14.29 and port 443) or (host 10.88.5.30 or host 10.88.5.31 and port 8080)'
How to Decrypt SSL and TLS Traffic using Wireshark
http://support.citrix.com/article/CTX116557
by the way, this is my testing.[root@ve10:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.252:443 ip protocol 6 rules myrule profiles { clientssl { clientside } http {} tcp {} } } [root@ve10:Active] config b pool foo list pool foo { members 200.200.200.101:8080 {} } [root@ve10:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { if {[HTTP::uri] equals "/snoop"} { HTTP::uri "/snoop" } HTTP::header replace Host "[HTTP::host]:8080" if {[HTTP::uri] equals "/"} { HTTP::redirect "https://qa.domain.com/something/home" } } } / [root@centos17 ~] curl -ik https://172.28.19.252/ -H "Host: qa.domain.com" HTTP/1.0 302 Found Location: https://qa.domain.com/something/home Server: BigIP Connection: Keep-Alive Content-Length: 0 /snoop [root@ve10:Active] config ssldump -Aed -nni 0.0 port 443 or port 8080 -k /config/ssl/ssl.key/default.key New TCP connection 1: 172.28.20.17(36425) <-> 172.28.19.252(443) 1 1 1367142991.8771 (0.0168) C>S SSLv2 compatible client hello 1 2 1367142991.8771 (0.0000) S>CV3.1(81) Handshake 1 3 1367142991.8771 (0.0000) S>CV3.1(953) Handshake 1 4 1367142991.8771 (0.0000) S>CV3.1(4) Handshake 1 5 1367142991.8790 (0.0019) C>SV3.1(262) Handshake 1 6 1367142991.8790 (0.0000) C>SV3.1(1) ChangeCipherSpec 1 7 1367142991.8790 (0.0000) C>SV3.1(36) Handshake 1 8 1367142991.8968 (0.0177) S>CV3.1(1) ChangeCipherSpec 1 9 1367142991.8968 (0.0000) S>CV3.1(36) Handshake 1 10 1367142991.8982 (0.0014) C>SV3.1(180) application_data --------------------------------------------------------------- GET /snoop HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: qa.domain.com --------------------------------------------------------------- New TCP connection 2: 200.200.200.10(36425) <-> 200.200.200.101(8080) 1367142991.8990 (0.0007) C>S --------------------------------------------------------------- GET /snoop HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: qa.domain.com:8080 --------------------------------------------------------------- - Jace_45978
i get the same testing results using curl
if i remove the HTTP::header replace Host "[HTTP::host]:8080" from the irule then i start getting 404 errors from the browser for /snoop
using httpfox when hitting the https://qa.domain.com i still get the IBM websphere default page. Like the second part of the irule isn't firing.
type= text/html https://qa.domain.com/
type=text/css https://qa.domain.com/http_server_styles.css
type=images/x-icon https://qa.domain.com/images/favicon.ico
are the only results in the httpfox data when hitting https://qa.domain.com
- Jace_45978interesting... just discovered IE seems to work. with existing irule will keep you posted.
- Jace_45978alright I think we are good with the following irule:
when HTTP_REQUEST {
if {[HTTP::uri] equals "/snoop"} {
HTTP::uri "/snoop"
}
HTTP::header replace Host "[HTTP::host]:8080"
if {[HTTP::uri] equals "/"} {
HTTP::redirect "https://qa.aacargo.com/AACargo/home"
}}
once i realized IE was working i realized i was having issue with my firefox browser and not clearning its cache.
thanks everyone for you assistance!
