For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Greg_Donohoe_25's avatar
Greg_Donohoe_25
Icon for Nimbostratus rankNimbostratus
Jul 07, 2016

URL redirect

Hi, I am trying to configure a URL redirect so that client sessions connectiong to https:abc.home.com are redirected to https://xyz.office.com. The one issue I see is that the xyz.office.com site will have a certificate with that common name included so the client session with the HTTP get of abc.home.com will fail. Is there a way to completely change the destination URL within an irule? Or is there any easier way?

 

devops
LTM

14 Replies

    • Greg_Donohoe_25's avatar
      Greg_Donohoe_25
      Icon for Nimbostratus rankNimbostratus
      Jul 07, 2016
      Thank you for the reply Iain but I dont understand how that can help me? Will that accept HTTP request for https:abc.home.com and redirect them to https://xyz.office.com? What would the syntax look like?
  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Icon for Nacreous rankNacreous
    Jul 07, 2016

    Hi,

    You can use the following :

    when HTTP_REQUEST {
 if { [HTTP::host] eq "abc.home.com" } {
  HTTP::respond 301 Location "https://xyz.office.com[HTTP::uri]"
 }
}
    • Greg_Donohoe_25's avatar
      Greg_Donohoe_25
      Icon for Nimbostratus rankNimbostratus
      Jul 07, 2016
      Hi Yann, thanks for the response. Your irule worked perfectly for what I wanted to do but now the application guys have come back with an additional request :-( There is an authentication server in front of abc.home.com and what they want is any connection coming from that server to be allowed through. BUT if someone tries to go direct to abc.home.com then they need the redirect to xyz.office.com which you have already suggested. Any ideas? What is the best way to define the authentication server source? Any help appreciated.
    • Greg_Donohoe_25's avatar
      Greg_Donohoe_25
      Icon for Nimbostratus rankNimbostratus
      Jul 07, 2016
      Just to add to this for better understanding here is the set up: xyz.office.com -> authentication server (virtual server) -> abc.home.com If a connection to abc.home.com comes from authentication server they want the connection to pass throug to pool members. If a connection goes from anywhere else direct to abc.home.com then they are redirected back to xyz.office.com so that they can authenticate correctly. I hope this is a bit clearer.
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jul 07, 2016

    Hi,

    You can use the following :

    when HTTP_REQUEST {
 if { [HTTP::host] eq "abc.home.com" } {
  HTTP::respond 301 Location "https://xyz.office.com[HTTP::uri]"
 }
}
    • Greg_Donohoe_25's avatar
      Greg_Donohoe_25
      Icon for Nimbostratus rankNimbostratus
      Jul 07, 2016
      Hi Yann, thanks for the response. Your irule worked perfectly for what I wanted to do but now the application guys have come back with an additional request :-( There is an authentication server in front of abc.home.com and what they want is any connection coming from that server to be allowed through. BUT if someone tries to go direct to abc.home.com then they need the redirect to xyz.office.com which you have already suggested. Any ideas? What is the best way to define the authentication server source? Any help appreciated.
    • Greg_Donohoe_25's avatar
      Greg_Donohoe_25
      Icon for Nimbostratus rankNimbostratus
      Jul 07, 2016
      Just to add to this for better understanding here is the set up: xyz.office.com -> authentication server (virtual server) -> abc.home.com If a connection to abc.home.com comes from authentication server they want the connection to pass throug to pool members. If a connection goes from anywhere else direct to abc.home.com then they are redirected back to xyz.office.com so that they can authenticate correctly. I hope this is a bit clearer.