F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

ing_user_202066's avatar
ing_user_202066
Icon for Nimbostratus rankNimbostratus
May 13, 2015

redirect irule for SSL VIP

Hi,

 

so I'm using an irule to redirect traffic to a static html page (for a planned maintenance).

 

On the "port 80" VIP, I apply this irule:

 

when HTTP_REQUEST { if { [HTTP::host] contains "blah" } { HTTP::redirect "" }

 

}

 

...and anyone who hits the vip with "blah" in the request gets properly redirected. Great.

 

But, I also allow HTTPS connections - users will hit that site via HTTPS as well. But the HTTP_REQUEST doesn't work for the https hits. I get an ERR_CONNECTION_RESET error on the web page. So I'm assuming right now that I need a different rule for the HTTPS requests that come in, so I get the same desired redirect regardless of whether the request comes in via HTTP or HTTPS.

 

application delivery
devops
iRules

7 Replies

  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus
    May 13, 2015

    You should be able to use the same iRule. What's the config of the HTTPS-VIP?

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    May 14, 2015

    users will hit that site via HTTPS as well. But the HTTP_REQUEST doesn't work for the https hits. I get an ERR_CONNECTION_RESET error on the web page

     

    as Arie suggested, irule should be the same except you want to redirect to https (e.g. HTTP::redirect "") instead of http. ERR_CONNECTION_RESET may not be caused by HTTP::redirect command. have you used http analyzer tool? it may be helpful.

     

    HttpFox

     

    https://addons.mozilla.org/en-Us/firefox/addon/httpfox/

     

  • sdagar_194989's avatar
    sdagar_194989
    Icon for Nimbostratus rankNimbostratus
    May 14, 2015
    In our setup we are using wildcard cert for multiple VIPs ,one of the customer did CN redirection at their end means their other url redirecting to our end configured ulr (ssl VIP) now requests are coming to LB VIP but the url in request remain same (old customer ulr as customer did CN redirection ) so they are getting SSL certificate issue ,please suggest me how can i overcome this problem any solution for this. Can someone let me know the traffic flow for LB,If request come to VIP does SSL offloading happen first or irule will be executed first.
  • Emad's avatar
    Emad
    Icon for Cirrostratus rankCirrostratus
    May 14, 2015

    Same Irule should be working with redirection to

     

  • ing_user_202066's avatar
    ing_user_202066
    Icon for Nimbostratus rankNimbostratus
    May 14, 2015

    Thanks everyone. This turned out to be a problem with the rule related to host contains. The URLs being used were actually matching more than one condition so the rule didn't know where to route the request.