Forum Discussion
ucgwebmaster_95
Nimbostratus
NimbostratusUsing Virtual Server for http to https for certain pages
I've tried many suggestions but to no avail. I have to Virtual servers. One on port 80 and one on port 443. I need to have traffic routed to the 443 virtual server for 4 aspx pages.
ex:
http://www.helpme.com/
login.aspx
myaccount.aspx
register.aspx
/store/checkout.aspx
I was looking at a post which mentioned using the virtual command to direct traffic to a particular virtual server.
Can anyone please help me with an example here? I tried using a http class profile but to no avail. I tried using the Irule below but also it doesn't work. I am not sure what else to do here. Any help is greatly appreciated.
when HTTP_REQUEST {
switch -glob { [HTTP::host][HTTP::uri] }
{
"http://www.helpme.com/login.aspx"
{
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
"http://www.helpme.com/myaccount.aspx"
{
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
"http://www.helpme.com/store/CheckOut.aspx"
{
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
"http://www.helpme.com/Register.aspx"
{
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
}
}
13 Replies
hoolioCirrostratus
The host won't include the protocol. Also, the switch cases you have listed are exact. So a request with a query string like ..../login.aspx?action=something won't match. You can either add a * to the end to do a wildcard match against the URI, or you could just check the path (URI minus the query string). Also, you can add logging to help debug what's happening when a rule doesn't do what you expect. Make sure to comment out the logging once you're done testing.when HTTP_REQUEST { Check Host header value and the path (URI minus query string) switch {[string tolower [HTTP::host][HTTP::path]]}{ "www.helpme.com/login.aspx" { log local0. "[IP::client_addr]:[TCP::client_port]: matched login.aspx" HTTP::redirect https://[HTTP::host][HTTP::uri] } "www.helpme.com/myaccount.aspx" { log local0. "[IP::client_addr]:[TCP::client_port]: matched myaccount.aspx" HTTP::redirect https://[HTTP::host][HTTP::uri] } "www.helpme.com/store/checkout.aspx" { log local0. "[IP::client_addr]:[TCP::client_port]: matched checkout.aspx" HTTP::redirect https://[HTTP::host][HTTP::uri] } "www.helpme.com/register.aspx" { log local0. "[IP::client_addr]:[TCP::client_port]: matched register.aspx" HTTP::redirect https://[HTTP::host][HTTP::uri] } default { Take some default action? log local0. "[IP::client_addr]:[TCP::client_port]: hit default case" } } }
Aaron
ucgwebmaster_95This looks very promising Hoolio!! I have just a few additional questions:
1) Does the default mean everything else will be http?
2) If a user logs into the application, will the session keep when switching back to HTTP?
Thank you again for your help.- hoolioThe default in the example doesn't do anything, so any request which reaches that point would be handled according to the VIP profile and/or default pool configuration. If you have a pool configured on the pool, the request would be sent to that pool.
I'm not sure what will happen after a login. That's dependent on the application. If the login request is redirected to https, will the app redirect them to http or https? If you want to modify the app behavior, it would most likely be possible using more iRule functionality.
If you're able to test this, give it a shot. If there are issues try debugging the scenario using Fiddler for IE or LiveHttpHeaders for FF. Also check the iRule logging in /var/log/ltm to watch what LTM sees.
Aaron - ucgwebmaster_95I added the rule but nothing happened. Each page I went to never redirected to HTTPS. This is the only thing I see in the logs over and over again. I don't see any errors but, I see the following log entry over and over again. Any Clues?
Jul 8 16:27:43 tmm tmm[1656]: Rule dh_test : 168.40.84.201:1950: hit default case - hoolioCan you replace the log line:
log local0. "[IP::client_addr]:[TCP::client_port]: hit default case"
with
log local0. "[IP::client_addr]:[TCP::client_port]: hit default case for [HTTP::host][HTTP::path]"
I would expect either the host or path aren't correct in the switch cases. As .net is not case sensitive, I've set the host and path to lower case, so the switch cases should also be listed in lower case.
Aaron - ucgwebmaster_95I made the change but I still don't see any attempts to redirect to https. I applied the Irule on my Port 80 Virtual Server. Should I have one virtual server instead of 2? Do I need to set it up to listen on all ports and add a Client SSL profile to the Virtual Server? Instead of using HTTP::redirect https://[HTTP::host][HTTP::uri] should it be HTTP::redirect https://[HTTP::host][HTTP::path]?
Sorry for asking so many questions but the users are getting very anxious and I have no answer at the moment. - ucgwebmaster_95Here is a sample from the log file:
Jul 8 17:12:30 tmm tmm[1656]: Rule dh_test : : hit default case for www.decisionhealth.com/Login.aspx
I don't see anything besides that. This is quite strange. Maybe I should scale back and at least try to redirect one page.
What do you think? - hoolioIf the request you're making in the browser address bar is http://www.example.com/Login.aspx, then the switch case should be "www.example.com/login.aspx". Can you make sure that the switch case has the host and /login.aspx all in lower case? If it does, the request should be redirected.
"www.example.com/login.aspx" { log local0. "[IP::client_addr]:[TCP::client_port]: matched login.aspx" HTTP::redirect https://[HTTP::host][HTTP::uri] }
Aaron - ucgwebmaster_95Good Morning,
I checked everything, but I am not getting any attempts for HTTPS. If I could get one page to work, I would be happy. I also noticed that you can not access myaccount.aspx, register.aspx, or checkout.aspx without logging in first.
when HTTP_REQUEST {
switch {[string tolower [HTTP::host][HTTP::path]]}{
"www.abc.com/login.aspx" {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
"www.abc.com/myaccount.aspx" {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
"www.abc.com/store/checkout.aspx" {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
"www.abc.com/register.aspx" {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
}
} - ucgwebmaster_95I will send you an email. Thank you for extending your help with this issue.
