Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

redirect irule for SSL VIP

ing_user_202066
Nimbostratus
Nimbostratus

Hi,

 

so I'm using an irule to redirect traffic to a static html page (for a planned maintenance).

 

On the "port 80" VIP, I apply this irule:

 

when HTTP_REQUEST { if { [HTTP::host] contains "blah" } { HTTP::redirect "" }

 

}

 

...and anyone who hits the vip with "blah" in the request gets properly redirected. Great.

 

But, I also allow HTTPS connections - users will hit that site via HTTPS as well. But the HTTP_REQUEST doesn't work for the https hits. I get an ERR_CONNECTION_RESET error on the web page. So I'm assuming right now that I need a different rule for the HTTPS requests that come in, so I get the same desired redirect regardless of whether the request comes in via HTTP or HTTPS.

 

7 REPLIES 7

DEJ
Nimbostratus
Nimbostratus
Are you offloading SSL on the VIP?

Arie
Altostratus
Altostratus

You should be able to use the same iRule. What's the config of the HTTPS-VIP?

 

ing_user_202066
Nimbostratus
Nimbostratus
i'm terminating ssl on the vip, yes. there's an ssl profile there

nitass
F5 Employee
F5 Employee

users will hit that site via HTTPS as well. But the HTTP_REQUEST doesn't work for the https hits. I get an ERR_CONNECTION_RESET error on the web page

 

as Arie suggested, irule should be the same except you want to redirect to https (e.g. HTTP::redirect "") instead of http. ERR_CONNECTION_RESET may not be caused by HTTP::redirect command. have you used http analyzer tool? it may be helpful.

 

HttpFox

 

https://addons.mozilla.org/en-Us/firefox/addon/httpfox/

 

sdagar_194989
Nimbostratus
Nimbostratus
In our setup we are using wildcard cert for multiple VIPs ,one of the customer did CN redirection at their end means their other url redirecting to our end configured ulr (ssl VIP) now requests are coming to LB VIP but the url in request remain same (old customer ulr as customer did CN redirection ) so they are getting SSL certificate issue ,please suggest me how can i overcome this problem any solution for this. Can someone let me know the traffic flow for LB,If request come to VIP does SSL offloading happen first or irule will be executed first.

Emad
Cirrus
Cirrus

Same Irule should be working with redirection to

 

ing_user_202066
Nimbostratus
Nimbostratus

Thanks everyone. This turned out to be a problem with the rule related to host contains. The URLs being used were actually matching more than one condition so the rule didn't know where to route the request.