F5 HTTPS Redirect iRule Update

F5's old _sys_https_redirect iRule is simple and gets the job done, but it's starting to show its age. It has some issues handling today's web apps: It always sends a 302 redirect. This changes P...
Published Aug 22, 2025
Version 1.0
ipv6
irule
Let's Encrypt
LTM
redirect
tcl
Tony_Marfil's avatar
Tony_Marfil
Icon for Employee rankEmployee
Aug 29, 2025

Global Variable Scope and System-Wide Policy

My colleague and iRule expert code reviewer, Joseph Martin, pointed out an important implication for using RULE_INIT to set global variables. Variables defined in RULE_INIT are system-wide global, meaning they apply to all virtual servers with any iRule that references the same global variable names.

How Global Variables Work

When you set configuration values like ::redirect_code, ::security_headers_enabled, or ::port_mapping in RULE_INIT, these settings apply to every virtual server where this iRule is attached. This provides:

  • Consistent redirect behavior across all applications
  • Single configuration point for security headers
  • Uniform port mapping rules

Considerations for Variable Customization

Since RULE_INIT variables share the global namespace across all iRules and virtual servers, any iRule that sets a variable with the same name will override the previous value system-wide.

If you need different configurations for specific virtual servers (such as selective debug logging, custom port mappings, or unique security headers), consider these approaches:

  1. Separate iRules - Create modified versions with different global variable values
  2. Runtime conditions - Add logic in HTTP_REQUEST to check the virtual server name or other criteria
  3. Local variable overrides - Use local variables within events to override global settings for specific requests

The global scope ensures consistent policy enforcement while allowing customization through standard iRule techniques when needed.