Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

iRule or LTM Policy to pre-fix desired www. sites

DoubleJz
Nimbostratus
Nimbostratus

‎24-Oct-2023 07:00

I have an issue where if I browse to https://abc.com the page will not load ( connection timed out) but https://www.abc.com will load as desired.

Therefore, I believe I need to somehow modify the following iRule to check to see if it contains www. and if it doesn't add it. 

when HTTP_REQUEST {
 if { [class match [HTTP::host] equals Datagroup1] } {
  pool prod_sites
  } else {
  HTTP::respond 403
  }
}

However, I have a couple URIs in the data group that contains a subdomain that I don't want to prefix with www.

I know I can change it with the following but I'm struggling to determine a way to redirect those in Datagroup1 with exceptions. I'm assuming its going to be a messy if, elseif, else kinda of deal but having a hard time putting it all together and working.

when HTTP_REQUEST {
    if {[HTTP::host] eq "abc.com"} {
        HTTP::redirect "https://www.abc.com[HTTP::uri]"
    }
}

maybe specifying a not equal for exclusions ??

if { ([HTTP::host] ne "subdomain.cbs.com") } {

I also currently have a policy in place to redirect HTTP to HTTPS as follows:

Redirect to location 'tcl:https://[getfield [HTTP::host] : 1][HTTP::uri]' at request time.

Any suggestions would be greatly appreciated.

Labels:
0 Kudos
8 REPLIES 8

Niels_van_Sluis
MVP
MVP

‎24-Oct-2023 08:14

What is the reason in your example that https://abc.com doesn't work? Is it because there isn't a DNS-record? In that case you could use the RESOLVER::name_lookup to see if it's a valid record. If not, add www. to it.

See: RESOLVER::name_lookup (f5.com)

0 Kudos

DoubleJz
Nimbostratus
Nimbostratus
In response to Niels_van_Sluis

‎24-Oct-2023 08:28

To be honest I'm not sure. I do see that abc.com and www.abc.com resolves differently but I feel like its something to do on Akamai as the traffic hits there before it gets directed to the F5 VS.

Looking at this more, http://abc.com, http://www.abc.com and https://www.abc.com all work. Just not https://abc.com nor does it redirect.

 

 

0 Kudos

Niels_van_Sluis
MVP
MVP
In response to DoubleJz

‎24-Oct-2023 08:40

Okay, then it seems abc.com and www.abc.com are different sites and abc.com isn't configured to handel HTTPS traffic. In that case you are probably better of using two datagroups. One datagroup that lists all allowed hostnames and another that contains hostnames that should be excluded from having put www. to it. Then let the iRule decide if it's allowed and/or it's needs to be modified with the start of www.

0 Kudos

DoubleJz
Nimbostratus
Nimbostratus
In response to Niels_van_Sluis

‎24-Oct-2023 09:21

Understood. I created a new datagroup Datagroup_exclude and placed the subdomain sites in it. I guess I went full circle back to my original question now though. How would you go about checking to see if it needs to be modified with www and exlude those in the new datagroup?

0 Kudos

Paulius
MVP
MVP
In response to DoubleJz

‎24-Oct-2023 11:19

@DoubleJz Can you provide a few examples of ones that would need to be excluded and which ones wouldn't? Also, if https://abc.com/ doesn't work but https://www.abc.com/ does work most likely all paths associated to just "abc.com" will not work because the root doesn't work. You really should look into where "abc.com" and "www.abc.com" point to and what host they are listening for in your web server configuration.

0 Kudos

Niels_van_Sluis
MVP
MVP
In response to DoubleJz

‎25-Oct-2023 00:28

What about this solution? Use the same Datagroup1, and define the allowed hosts as 'strict' if they shouldn't be modified by the iRule. In the example below 'nielske.nl' isn't allowed to be modified.

Schermafbeelding 2023-10-25 091734.png

And use Datagroup1 with the following iRule.

when HTTP_REQUEST {
  if { [class match [HTTP::host] equals Datagroup1] } {
    if { !([HTTP::host] starts_with "www.") && !([class lookup [HTTP::host] Datagroup1] equals "strict") } {
      log local0. "[HTTP::host] doesn't starts_with www. and isn't defined as strict; redirect allowed"
      HTTP::redirect "https://www.[HTTP::host][HTTP::uri]"
    }
  } else {
  HTTP::respond 403
  }
}

DoubleJz
Nimbostratus
Nimbostratus
In response to Niels_van_Sluis

‎25-Oct-2023 12:23

I like that and thats similar to what I was trying to come up with prior posting on here. Also to be clear, the inner if statement doesn't need an else. It if doesn't match any constraints it will just leave that inner if statement and continue on in the outter if statement, right?

when HTTP_REQUEST {
  if { [class match [HTTP::host] equals Datagroup1] } {
    if { !([HTTP::host] starts_with "www.") && !([class lookup [HTTP::host] Datagroup1] equals "strict") } {
      HTTP::redirect "https://www.[HTTP::host][HTTP::uri]"
    }
    pool prod_sites
  } else {
  HTTP::respond 403
  }
}
0 Kudos

Niels_van_Sluis
MVP
MVP
In response to DoubleJz

‎25-Oct-2023 23:20

Yes, this looks alright to me. 

0 Kudos
Copyright © 2023 Khoros, LLC