Showing results for 
Search instead for 
Did you mean: 

Redirect HTTPS to HTTP




Can I ask for a configuration guide on how I can redirect https traffic to http?


I have 1 VS on port 443 but back-end server is running on port 80.


Do I need to create another VS for redirection? Can anyone help to verify if below rule is correct?


when HTTP_REQUEST { HTTP::redirect http://[getfield [HTTP::host] ":" 1][HTTP::uri]


Also, when we try to telnet the VS using PC on the same network (telnet 10.2.x.x 443) it wont go through.


Below is the VS config:


ltm virtual VS_FuelCareer {
    address-status yes
    app-service none
auth none
auto-lasthop default
bwc-policy none
clone-pools none
cmp-enabled yes
connection-limit 0
description none
destination 10.2.x.x:https
fallback-persistence none
flow-eviction-policy none
gtm-score 0
ip-intelligence-policy none
ip-protocol tcp
last-hop-pool none
mask x.x.x.x
metadata none
mirror disabled
mobile-app-tunnel disabled
nat64 disabled
partition Common
per-flow-request-access-policy none
persist none
policies none
pool FuelCareer
profiles {
    Fuel_Career {
        context clientside
    http {
        context all
    tcp {
        context all
rate-class none
rate-limit disabled
rate-limit-dst-mask 0
rate-limit-mode object
rate-limit-src-mask 0
related-rules none
rules none
security-log-profiles {
    "Log all requests"
service-down-immediate-action none
service-policy none
source-address-translation {
    pool none
    type none
source-port preserve
syn-cookie-status not-activated
traffic-classes none
translate-address enabled
translate-port disabled
urldb-feed-policy none
vlans none
vs-index 4





You don't need another VS. The VS running on port 443, needs a clientside ssl profile. And your configuration shows that you have one called Fuel_Career. Since you don't have a serverside ssl profile attached, SSL will be offloaded. However, you need to enable translate-port, since there needs to be a translation from 443, to 80.



You need to set up another virtual server, say, VS_FuelCareer_80, on the same virtual IP address but on port 80, and apply that irule to it.



OK I see. There seems to be a confusion about the meaning of "redirect" here, which I see often here at my workplace as well. 😞


When we say "redirect", it usually means "HTTP redirect" in the context of using HTTP protocol directives. In your case, you probably mean to "pass/forward traffic from F5 to a backend application server", and what you need, as far as F5 is concerned, is really SSL-Offloading.


You will need to remove the irule from the virtual server.


You will most likely also need to configure "Source Address Translation" to "SNAT automap".