cancel
Showing results for 
Search instead for 
Did you mean: 

Is it possible to configure a global redirect for port 80 to 443?

BcssiNetworking
Nimbostratus
Nimbostratus

On our F5s, we always have two virtual servers for every URL. The first is the redirect one for port 80 to 443 and the second one handles all the actual business of the URL. Is there a way to setup the F5 so that any port 80 connection attempt to any VIP address will automatically get redirected to 443 so that we don't have to create two virtual servers for every URL?

 

I apologize if this sound like a stupid question, but can't seem to find anything online about doing this.

1 REPLY 1

 I don't think this is something that can be achieve without a Virtual Server as Virtual Server is something which is termination point for the application which acts according to the configuration done on it.

 

One thing you can do is instead of creating two different Virtual Servers, you can achieve both use cases, redirection from 80to443 and handling actual application traffic using single Virtual Server. No need to create separate Virtual Server for only redirection from 80-to-443.

 

For this, you need to have one virtual server which will be listening on both port 80 as well as 443. So when traffic is coming for port 80, redirection will happen and if it is coming for 443, that will be actual application traffic.

 

This can be achieve using iRule and also using shared object of type port lists. You can create shared object with two ports and map it to the Virtual Server. You need to check if your current F5 version supports shared object. I think it was introduced in v14.

 

Also you can even have multiple applications behind one Virtual Server with the help of iRule so you don't need to configure separate Virtual Server for each application.

 

 

Hope it helps!

Mayur