Forum Discussion
steve_cross_650
Nimbostratus
Nimbostratususing ends_with crashed my site -- what am I doing wrong?????
i have a https virtual server that i was trying to implement a simple rule
* if this https request is not one of five select pages, redirect user to http page
here was my initial rule:
when HTTP_REQUEST {
if { [matchclass [string tolower [HTTP::uri]] starts_with $::secure_pages]}
{
pool public_http_pool
}
else
{
HTTP::redirect "http://[HTTP::host][HTTP::uri]"
}
}
(secure_pages was a string list of pages that should be https.)
Unfortunately, when I implemented the above rule i noticed that my pages would initially be secure and then get redirected to the same url but no longer show as secure in the browser (lock symbol would show up and then disappear). I turned on logging and found that by opening up one .aspx page (our app is in .NET) that it was spawning many requests:
Rule https_to_http : page not in secure list: /css/main.css
Rule https_to_http : page not in secure list: /scripts/betaScripts.js
Rule https_to_http : page not in secure list: /aspnet_client/system_web/1_1_4322/SmartNav.htm
Rule https_to_http : page not in secure list: /VAM/3_0_1/VAM.js
Rule https_to_http : page not in secure list: /aspnet_client/system_web/1_1_4322/SmartNav.js
Rule https_to_http : page not in secure list: /images/beta_logo.jpg
Rule https_to_http : page not in secure list: /images/icon_form_arrow.gif
Rule https_to_http : page not in secure list: /images/icon_arrow_green.gif
Rule https_to_http : page not in secure list: /images/beta_login_bg.gif
Rule https_to_http : SECURE PAGE: /Login.aspx
So that means my iRule was having to process each request separately for this one page. Since the only time I want to redirect from https to http is when the URL ends with .aspx I thought I could use the following iRule instead:
when HTTP_REQUEST {
if { [matchclass [string tolower [HTTP::uri]] starts_with $::secure_pages]}
{
pool public_http_pool
}
elseif {[matchclass [string tolower [HTTP::uri]] ends_with ".aspx"]}
{
HTTP::redirect "http:// [HTTP::host] [HTTP::uri]"
}
}
As soon as I did my first https request w/ this new code my site went down hard. I removed that code, did many https requests – no problem. Turned that code back on and again the first request has me down hard. In the log I started immediately getting
TmmMsgHandler.cpp:111 - UDP send failed: Network is unreachable
What am I doing wrong here? What can I do to just check certain .aspx pages to see if they are https and then redirect to http when needed?
- A couple of things I've noticed.
1. You don't need a matchclass if you are just comparing two strings.
2. Your HTTP::redirect has a space after the "http://" and the [HTTP::host]. This will result in the following url: "http:// foo.com /bar". Odds are this is what is causing your network is unreachable error.
Try this out:when HTTP_REQUEST { if { [matchclass [string tolower [HTTP::uri]] starts_with $::secure_pages]} { pool public_http_pool } elseif { [string tolower [HTTP::uri]] ends_with ".aspx" } { HTTP::redirect "http://[HTTP::host][HTTP::uri]" } }
-Joe 
steve_cross_650thanks Joe - that was indeed what was causing the network error.- steve_cross_650in regards to your comment about matchclass should I use this instead:
if { [string tolower [HTTP::uri]] starts_with $::secure_pages]} {
when is "matchclass" best utilized? - matchclass is used to find a match in a class (or data group). You'll want that in on the starts_with as you are actually comparing with the contents of the data group "secure_pages". Your ends_with comparision was just a string matching a string, so matchclass won't work as your second argument wasn't a data group.
Make sense?
-Joe
