cancel
Showing results for 
Search instead for 
Did you mean: 

HTTP to HTTPS iRule errors

mikehorn79_3021
Nimbostratus
Nimbostratus

Good Afternoon All,

 

I'm relatively new to iRules and I've come across a unique issue that I hope I explain well enough to get the desired assistance. The issue is certain URLs were not working when users on the corporate LAN tried hitting them within Chrome only. Please read below for the steps I took to troubleshoot.

 

Our production F5's are partitioned to accommodate various user groups within the organization. In light of that, we have our own iRule that reads as stated below:

 

when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }

 

When this iRule, redirecting all http traffic to https, is enabled within the pool we need it to be, we receive the following error:

 

Feb 10 10:06:17 slb******** err tmm[930]: 01220001:3: TCL error: /Eco_102/HTTP-to-HTTPS_Redirect - Operation not supported. Multiple redirect/respond invocations not allowed (line 1) invok ed from within "HTTP::redirect "https://[HTTP::host][HTTP::uri]""

 

There is also a system wide iRule on the common partition that reads as follows:

 

when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } definition-signature **********

 

In noticing that, I removed the iRule residing on our partition for the pool and it cleared the issue. However, other subdomains started having this issue, but on multiple browsers while on the corporate LAN only still.

 

Regardless of adding the system one or the iRule on our partition I get the error mentioned above. The consensus is to combine all redirect iRules into one, is that the solution or can anyone point me in the right direction?

 

Thank you in advance!

 

1 REPLY 1

Vijay_E
Altocumulus
Altocumulus

There is a redirect loop of some kind happening.

 

Possible reasons: You have SSL terminated on the VS:443 that is sending the traffic unencrypted to the servers on a specific port (say, port 80). Servers are configured to redirect the traffic to the HTTP version of the site which then hits VS:80 which redirects to VS:443 and so on.

 

Best way to troubleshoot scenarios like this is to use CURL and send a request with -L as the option in order to follow the redirects.

 

For example, you have a site called "domain.com", try curl -IL http://domain.com and check the "Location" header to identify the subsequent redirects in order to understand where the loop occurs and fix it to suit your environment.