http redirection
13 TopicsBIG-IP : redirect loop : debugging techniques
BIG-IP 11.4.0 Build 2384.0 Final In my hosts file I point www.mydomain.com to my web-server IP, and in my client-browser I submit the request http://www.mydomain.com/natural-language-url-1 and the page is returned as expected.. In BIG-IP , I have configured a single virtual-server vip-01 with a single iRule irule-01 : when HTTP_REQUEST { log local0. "HTTP_REQUEST received by irule-01" log local0. "host = [HTTP::host]" log local0. "uri = [HTTP::uri]" switch -glob [string tolower [HTTP::host]] { "www.mydomain.com" { switch -glob [string tolower [HTTP::uri]] { "/api/*" { pool service-pool-01 } default { log local0. "matched default pool" pool default-pool-01 } } } } } Now, in my hosts file I point www.mydomain.com to vip-01 , and in my client-browser I submit the request http://www.mydomain.com/natural-language-url-1 and the client-browser reports an infinite-redirect error "This webpage has a redirect loop" BIG-IP > System > Logs > Local Traffic Rule /Common/irule-01 : HTTP_REQUEST received by irule-01` Rule /Common/irule-01 : host = www.mydomain.com Rule /Common/irule-01 : uri = /natural-language-url-1 Rule /Common/irule-01 : matched default pool ... repeat 10 times ... Fiddler shows that 21 302-redirects have occurred : Result 302 Protocol HTTP Host www.mydomain.com URL /natural-language-url-1 Body 185 Caching private Content-Type text/html; charset=utf-8 Process chrome:7516 Comments Custom NOTE 1 : on vip-01, Source Address Translation = Auto-Map NOTE 2 : I have complete control over the web-server ( remote access with ability to modify configuration, run diagnostics, perform local tests, etc. ) NOTE 3 : The web-server expects the request to include the domain. Sending a request with host = {web-server-host-name} , or host = {web-server-ip} will throw an error because IIS will be unable to locate the virtual app. What are some debugging techniques I can deploy to further diagnose the underlying cause of the redirect loop ?1.3KViews0likes28CommentsSharepoint 2013 Login redirect iRule problems
Hi, I'm having a problem with a Irule applied to a VS loadbalancing a sharepoint site. when HTTP_REQUEST { switch [HTTP::host] { sh.domain.com { if { [active_members SHAREPOINT_2013_HTTPS_pool] < 1 } { HTTP::respond 200 content {some content} } if { ( [string tolower [HTTP::uri]] contains "login.aspx" ) and ( [IP::addr [IP::client_addr] equals 10.0.0.0/8]) } { HTTP::redirect "https://sh.domain.com/_windows/default.aspx?ReturnUrl=/" } pool SHAREPOINT_2013_HTTPS_pool } sh.domain2.com { if { [active_members SHAREPOINT_2013_HTTPS_pool] < 1 } { HTTP::respond 200 content {some content} } if { ( [string tolower [HTTP::uri]] contains "login.aspx" ) and ( [IP::addr [IP::client_addr] equals 10.0.0.0/8] ) } { HTTP::redirect "https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/" } pool SHAREPOINT_2013_HTTPS_pool } } } What happens: Internal users: User wants to access URL: https://sh.domain.com/testguy Without the irule, internal clients connects to the sharepoint site from a ip in the 10.0.0.0/8 subnet, and are automaticly redirected to a sharepoint login page. The user then has to click a link to log inn. Clicking this link does nothing but redirect to https://sh.domain.com/_windows/default/.aspx?ReturnUrl=/testguy With the iRule, internal clients buypass the login screen correctly, but they are riderected to the home page of sharepoint (another redirect that happens when you request https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/) Trying to access the original URL : https://sh.domain.com/testguy again within the same browser now works correctly because the user is never redirected to login page, and therefor just sent straight to the pool. External users: Is currently working as expected. They are sent to login page, and have to click the login button and present credentials, and then redirected to the correct page. How can I have my internal users buypass the login page, and automaticly redirected to the requested URI? Is there a way to append the original URI to https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/[HTTP::uri] without causing a redirection loop? I have tried the above statement, but it creates a loop because the HTTP:uri is now the login page. Appreciate all input!598Views0likes1CommentDynamic Redirect iRule URI Variable
I am trying to perform a dynamic redirect based a portion of the URI. Here is what I'm trying to accomplish: Ex. Request: http://search.company.com/Pages/results.aspx/k=accounting%20department Ex. Redirect: https://www.company.com/search/?&query=accounting%20department We are using a separate virtual server for search.company.com, so I created the following iRule and associated it with the virtual server: when HTTP_REQUEST { set uri [HTTP::uri] if { $uri starts_with "/Pages/results.aspx/k=" } { log local0. "Original URI: $uri" HTTP::uri [string range [HTTP::uri] 23 end] log local0. "Search Query: [HTTP::uri]" HTTP::uri /search/?&query=[HTTP::uri] log local0. "New URI: [HTTP::uri]" HTTP::redirect "https://www.company.com[HTTP::uri]" } elseif { $uri starts_with "/Pages/results.aspx" } { HTTP::redirect "https://www.company.com/search" } } Unfortunately, this is not having the desired result. Here is the behavior I am seeing: Request: http://search.company.com/Pages/results.aspx/k=accounting%20department Redirect: https://www.company.com/search/?&query=k=accounting%20department I attempted to find the log entries for this iRule, but was unable to. Can anyone offer any guidance of how I can accomplish this? Or at the very least, where I need to look for log entries and what log level needs to be enabled for which types? Also, please feel free to correct anything you find in the iRule, whether or not it is directly contributing to the issue. I'm still learning, and trying to figure out the best way to accomplish things, as well as general best practices. Thank you for your time and input.491Views0likes2CommentsHow to overcome "Only secure content is displayed"?
Hi, I am load balancing to a web server which uses backdrop mapping. I have created an Virtual Server listening on HTTP which applies the "_sys_https_redirect" iRule to redirect from HTTP to HTTPS which contains the following: when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } I have then created a second Virtual Server listening on HTTPS that presents the SSL certificate and then simply load balances to the pool members (passing traffic to them on TCP port 80). The problem that I am getting is that some pages contain backdrop mapping from openstreetmap.org (URL is similar to http://a.tile.openstreetmap.org/b/c/d/png where a b c and d can vary). Firefox and Chrome do not display this embedded backdrop mapping but Internet Explorer does at least show a message saying "Only secure content is displayed". If I then click on the "Show all content" button, the mapping does appear. I have searched the forums and have tried creating a custom http profile with edited "Request header insert" to insert the X-Forwarded-Proto but must be doing it wrong as i get an error "01070373:3: Invalid Header Insert 'X-Forwarded-Proto' for profile /Common/http_osnet. name:value must be ":" separated" I am fairly new to LTM so any help greatly appreciated.335Views0likes5Commentsdata group iRule
Hello iExperts, I just wanted to double check with you the following irule where i want to double check that the client IP is in a determinate data group range of IPs (ecmvpn_ip_dg) and if so, return a HTTP 302 redirect to such client. Is it the correct and "optimized" way to do it? when RULE_INIT { set static::ecmvpn_flag 0 } when CLIENT_ACCEPTED { if { [class match [IP::client_addr] equals ecmvpn_ip_dg] } { set static::ecmvpn_flag 1 }} when HTTP_REQUEST { if {$static::ecmvpn_flag==1}{ HTTP::redirect http://ecmvpn.[HTTP::uri] return } switch -glob [string tolower [HTTP::host]] { "ecm.domain" { if { ([HTTP::uri] starts_with "/APPLICATION")} { HTTP::header insert USER-IP [IP::remote_addr] persist cookie insert pool DCTM_ECM_APPLICATION _APPLICATION PORT_PROD (or PREP) return } } default { return } } }Solved489Views0likes8Commentsirule to rewrite header but respond with 200
Hi All, Im trying to setup an irule (and struggling :-)) that will perform the following. Upon accessing a site, the request will be rewritten to essentially send the client elsewhere, however rather than providing a 301/302 redirect I need a 200 response to be sent to the client for the initial request. For example once this rule is setup, a request for a page www.test.com/p/content/ will result in a 200 response for the user. This will work using the URL handling rule sending requests ahead without generating a response to the user and the 200 response coming from www.test.com. the irule below seems to direct the user correctly but I cant seem to force the 200 response When HTTP_REQUEST { if { [HTTP::host] contains "www.test." and [HTTP::uri] starts_with "/p/" } { HTTP::header replace Host "www.test.com" } }933Views0likes7CommentsiRule to redirect user with incorrect certificate to specific url
Hello, I'm writing iRule, which sould redirect user to specific uri, if user don't have cert or have incorrect cert. Client ssl profile client authentication is set to "ignore". I want to redirect user with incorrect cert to "https://[HTTP::host]/index.php?id=14", which is the only uri, that works without cert auth. HTTP respond or redirect in event "when HTTP_REQUEST_SEND" does not work, but logging does ("No or invalid client Certificate!"). Browser response when I choose incorect cert: " This site can’t provide a secure connection sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERROR " Code: when CLIENTSSL_CLIENTCERT { HTTP::release if { [SSL::cert count] < 1 } { log local0. "No client Certificate!" } } when HTTP_REQUEST { if { [HTTP::uri] ne "/index.php?id=14" }{ if { [SSL::cert count] <= 0 } { HTTP::collect SSL::authenticate always SSL::authenticate depth 9 SSL::cert mode require SSL::renegotiate } } if { [HTTP::uri] eq "/index.php?id=14" }{ log local0. "uri eq id=14" pool XYZ-POOL } } when HTTP_REQUEST_SEND { clientside { if { [SSL::cert count] > 0 } { HTTP::header insert "X-SSL-Session-ID" [SSL::sessionid] HTTP::header insert "X-SSL-Client-Cert-Status" [X509::verify_cert_error_string [SSL::verify_result]] HTTP::header insert "X-SSL-Client-Cert-Subject" [X509::subject [SSL::cert 0]] HTTP::header insert "X-SSL-Client-Cert-Issuer" [X509::issuer [SSL::cert 0]] log local0. "http header insert completed" } else { log local0. "No or invalid client Certificate!" HTTP::redirect "https://www.xyz.com/index.php?id=14" HTTP::respond 302 Location "https://[HTTP::host]/index.php?id=14" } } } Best regards, Spela864Views0likes2CommentsHTTP::redirect and MS Office
Hi, I have an iRule that redirects users to an external sharepoint site. It modifies the URL for redirection based on incoming URLs in different ways. Now it occured to my client, that no only web browsers use this URLs and while it works perfectly as intended when used, let's say - normally the redirection does not work when URL is used in MS WORD. I suspect that WORD is executing HTTP query and is expecting an HTTP 200 return. It gets HTTP 302 and it has no idea how to work with it. Do you guys have any idea how I could work around that? I suppose I could catch all MS WORD executed queries by checking for user agent. But how could I proceed with the redirection?270Views0likes1CommentCan a VS redirect traffic away from itself?
Hi, first post, be nice. ;) Let's say an F5 appliance is proxying a couple of web servers on IPv4 address A. If there is an incoming request addressed to that IP, is it possible to redirect that traffic away from the appliance to a specified next-hop? I know it sounds weird. The idea is to have ONE F5 appliance acting as both external and internal appliance, with a Firewall in the middle. An external request to IP A should be redirected to the firewall, if it passes the checks there it return to the F5, on another interface. THEN it should be delivered to the service connected to IP A. I'm new to F5, did a quick lab and I could not get it to work, it does not forward traffic aimed to itself out an interface. But I've got about 4 days experience, and I'm under a bit of pressure to get this sorted out. Thanks.383Views0likes2Commentsirule to redirect url
at the moment we have this irule elseif { ([string tolower [HTTP::uri]] starts_with "/test") } { HTTP::redirect "http://m.domain.com[HTTP::uri]" So what it does is this: if a user goes here www.domain.com/test/sport/competitions/champions-league/Madrid-2403444.html?utm_source=exacttarget&utm_medium=email&utm_campaign=pc01tmn2&utm_content=g01&sb_cid=3516 user will be redirected to https://m.domain.com/test/sport/uefa-competitions/uefa-champions-league/Roma-v-Real-Madrid-2403444.html but we want to redirect to https://m.domain.com/test/sport/competitions/champions-league/Madrid-2403444.html?utm_source=exacttarget&utm_medium=email&utm_campaign=pc01tmn2&utm_content=g01&sb_cid=3516 instead , how do we achieve this using irule?374Views0likes2Comments