mikehorn79_3021
Feb 10, 2017

HTTP to HTTPS iRule errors

Good Afternoon All,

I'm relatively new to iRules and I've come across a unique issue that I hope I explain well enough to get the desired assistance. The issue is that certain URLs were not working when users on the corporate LAN tried hitting them within Chrome only. Please read below for the steps I took to troubleshoot.

Our production F5s are partitioned to accommodate various user groups within the organization. In light of that, we have our own iRule that reads as stated below:

when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }

When this iRule, redirecting all http traffic to https, is enabled within the pool we need it to be, we receive the following error:

Feb 10 10:06:17 slb******** err tmm[930]: 01220001:3: TCL error: /Eco_102/HTTP-to-HTTPS_Redirect - Operation not supported. Multiple redirect/respond invocations not allowed (line 1) invoked from within "HTTP::redirect "https://[HTTP::host][HTTP::uri]""

There is also a system wide iRule on the common partition that reads as follows:

when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } definition-signature **********

In noticing that, I removed the iRule residing on our partition for the pool and it cleared the issue. However, other subdomains started having this issue, but on multiple browsers while on the corporate LAN only still.

Regardless of adding the system one or the iRule on our partition I get the error mentioned above. The consensus is to combine all redirect iRules into one. Is that the solution, or can anyone point me in the right direction?

Thank you in advance!

1 Reply

  • There is a redirect loop of some kind happening.

    Possible reasons: You have SSL terminated on the VS:443 that is sending the traffic unencrypted to the servers on a specific port (say, port 80). Servers are configured to redirect the traffic to the HTTP version of the site which then hits VS:80 which redirects to VS:443 and so on.

    Best way to troubleshoot scenarios like this is to use CURL and send a request with -L as the option in order to follow the redirects.

    For example, you have a site called "domain.com", try

    curl -IL http://domain.com
    and check the "Location" header to identify the subsequent redirects in order to understand where the loop occurs and fix it to suit your environment.
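
The redirect tracing suggested in the reply, as an added example that is not part of the original thread: a small shell filter that reads `curl -sIL` output, prints the status and `Location` of each hop, and flags the first `Location` that repeats, which is where a loop closes. The function names `trace_redirects` and `sample_loop` are hypothetical, and the sample headers are constructed, not captured from a real system.

```shell
#!/bin/sh
# Summarise the hops in `curl -sIL` output read from stdin.
# Live use (domain.com is the placeholder host from the reply):
#   curl -sIL --max-redirs 10 http://domain.com | trace_redirects
trace_redirects() {
  awk '
    { sub(/\r$/, "") }                  # curl prints headers with CRLF endings
    /^HTTP\// { status = $2; next }     # a status line starts a new response
    tolower($1) == "location:" {        # header names are case-insensitive
      hop++
      url = $2
      printf "%d %s %s\n", hop, status, url
      if ((url in seen) && !loop) {
        loop = 1
        printf "LOOP hop %d returns to hop %d (%s)\n", hop, seen[url], url
      }
      if (!(url in seen)) seen[url] = hop
      next
    }
    END { if (!loop) print "NO-LOOP final status " status }
  '
}

# Constructed sample: the port 80 virtual server redirects to HTTPS, the
# backend behind the 443 virtual server redirects back to HTTP, and the
# port 80 virtual server redirects to HTTPS again.
sample_loop() {
  printf '%s\r\n' \
    'HTTP/1.1 302 Found' 'Location: https://domain.com/' 'Content-Length: 0' '' \
    'HTTP/1.1 302 Found' 'Location: http://domain.com/' 'Content-Length: 0' '' \
    'HTTP/1.1 302 Found' 'Location: https://domain.com/' 'Content-Length: 0' ''
}

# Demo run on the constructed sample.
sample_loop | trace_redirects
```

Passing `--max-redirs` keeps curl from following a real loop until its default redirect limit is reached.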