For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jrosales2000_10's avatar
jrosales2000_10
Icon for Nimbostratus rankNimbostratus
Dec 01, 2009

Using Priorities in irules

Hi, i am trying to accomplish the following:

 

 

1) if user enters abc.com redirect to https://www.abc.com

 

 

2) if user enters www.abc.com redirect to https://www.abc.com

 

 

I am trying to use the following irule:

 

 

when HTTP_REQUEST priority 100 {

 

if { [HTTP::host] eq [domain [HTTP::host] 2] } {

 

HTTP::redirect "https://www.[HTTP::host]"

 

}

 

}

 

 

when HTTP_REQUEST priority 200 {

 

HTTP::redirect https://[HTTP::host][HTTP::uri]

 

}

 

 

But its not working. If user enters abc.com, user gets Page Cannot Be Displayed. if user enters www.abc.com it correctly redirects to https://www.abc.com.

 

 

I have tried breaking it out into 2 separate irules, applied in order 1 then 2.

 

 

Still, same result - abc.com gets page cannot be displayed, www.abc.com redirects properly to https://www.abc.com.

 

 

If i remove the priority 200 code completely, leaving

 

when HTTP_REQUEST priority 100 {

 

if { [HTTP::host] eq [domain [HTTP::host] 2] } {

 

HTTP::redirect "https://www.[HTTP::host]"

 

}

 

}

 

 

Then scenario 1 does work, so i know that that code is good. However, the 2 pieces together just will not work. Am i doing something wrong here?

 

 

Thanks,

 

Jodie

 

application delivery
dev
devops
iRules

8 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 01, 2009
    Hi Jodie,

     

     

    Priority allows you to specify which iRules or iRule events run in which order. Priority by itself doesn't prevent any code from running though. The issue you're running into is that you cannot try to redirect or send an HTTP(S) response more than once for a single HTTP request.

     

     

    You can combine the two steps in one iRule and avoid this issue:

     

     

     
 when HTTP_REQUEST { 
  
     1) if user enters abc.com redirect to https://www.abc.com 
     2) if user enters www.abc.com redirect to https://www.abc.com 
  
     Check the requested host header value (set to lowercase) 
    switch [string tolower [HTTP::host]] { 
       "abc.com" - 
       "www.abc.com" { 
           Redirect client to https://www.abc.com/ 
          HTTP::redirect "https://www.abc.com/" 
       } 
       default { 
           Take some default action? 
       } 
    } 
 }

     

     

    If you want to preserve the originally requested URI in the redirect, you can check the redirect to:

     

     

    HTTP::redirect "https://www.abc.com[HTTP::uri]"

     

     

    Aaron
  • jrosales2000_10's avatar
    jrosales2000_10
    Icon for Nimbostratus rankNimbostratus
    Dec 01, 2009
    That worked perfectly, thanks much!!

     

     

    Is there a way to make it more generic so i can use it on multiple virtual servers?

     

     

    Thanks again!

     

    Jodie
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 01, 2009
    Which HTTP traffic do you not want to redirect to HTTPS? Or what is the criteria for the traffic you *do* want to redirect to HTTPS?

     

     

    Aaron
  • jrosales2000_10's avatar
    jrosales2000_10
    Icon for Nimbostratus rankNimbostratus
    Dec 01, 2009
    I want the following to scenarios to route to https://www.domainname.com

     

     

    1) user enters simply domainname.com into browser

     

    2) user enters www.domainname.com into browser

     

     

    This way i only need the 1 ssl. I need to make sure the browser url changes to the full www.domainname.com since that is what the SSL is tied to.

     

     

    We host many sites here, so it would be useful to have a generic irule that can do this for any domain entered, and have it applied to each virtual server that needs it.

     

     

    Thanks!

     

    Jodie
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 02, 2009
    Is there any traffic you don't want to redirect from http to https? You could check for host header values matching the patterns *.* or www.*.* and redirect those to https. But I'm still not clear on what if any traffic you want to allow via http. Is the logic dependent on the requested URI at all?

     

     

    Aaron
  • jrosales2000_10's avatar
    jrosales2000_10
    Icon for Nimbostratus rankNimbostratus
    Dec 02, 2009
    hi, for the sites that have ssl, we don't wany any traffic going to http - we want all traffic routed to https. The logic is dependent on the requested URI. we would want abc.com and www.abc.com to redirect to https://www.abc.com. For another virtual server, we would want def.com and www.def.com to redirect to https://www.def.com. and so on...

     

     

    Thanks!

     

    Jodie
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 02, 2009
    So you could redirect all requests to https://www.[base domain name]/ where the base domain name is whatever the client entered with www. added if it's not there already? If that sounds about right, I think this should work for your scenario: 

     
 when HTTP_REQUEST { 
  
     Check if host starts with www. 
    if {[string tolower [HTTP::host]] starts_with "www."}{ 
  
        Redirect client with same host and URI to https 
       HTTP::redirect "https://[HTTP::host][HTTP::uri]" 
  
    } else { 
  
        Redirect client with www. prepended to host and same URI to https 
       HTTP::redirect "https://www.[HTTP::host][HTTP::uri]" 
    } 
 }

    Aaron