http redirection
13 Topics

BIG-IP : redirect loop : debugging techniques
BIG-IP 11.4.0 Build 2384.0 Final

In my hosts file I point www.mydomain.com to my web-server IP, and in my client-browser I submit the request http://www.mydomain.com/natural-language-url-1 and the page is returned as expected.

In BIG-IP, I have configured a single virtual-server vip-01 with a single iRule irule-01:

    when HTTP_REQUEST {
        log local0. "HTTP_REQUEST received by irule-01"
        log local0. "host = [HTTP::host]"
        log local0. "uri = [HTTP::uri]"
        switch -glob [string tolower [HTTP::host]] {
            "www.mydomain.com" {
                switch -glob [string tolower [HTTP::uri]] {
                    "/api/*" {
                        pool service-pool-01
                    }
                    default {
                        log local0. "matched default pool"
                        pool default-pool-01
                    }
                }
            }
        }
    }

Now, in my hosts file I point www.mydomain.com to vip-01, and in my client-browser I submit the request http://www.mydomain.com/natural-language-url-1 and the client-browser reports an infinite-redirect error "This webpage has a redirect loop".

BIG-IP > System > Logs > Local Traffic

    Rule /Common/irule-01 : HTTP_REQUEST received by irule-01
    Rule /Common/irule-01 : host = www.mydomain.com
    Rule /Common/irule-01 : uri = /natural-language-url-1
    Rule /Common/irule-01 : matched default pool
    ... repeat 10 times ...

Fiddler shows that 21 302-redirects have occurred:

    Result        302
    Protocol      HTTP
    Host          www.mydomain.com
    URL           /natural-language-url-1
    Body          185
    Caching       private
    Content-Type  text/html; charset=utf-8
    Process       chrome:7516
    Comments
    Custom

NOTE 1: on vip-01, Source Address Translation = Auto-Map

NOTE 2: I have complete control over the web-server (remote access with ability to modify configuration, run diagnostics, perform local tests, etc.)

NOTE 3: The web-server expects the request to include the domain. Sending a request with host = {web-server-host-name}, or host = {web-server-ip} will throw an error because IIS will be unable to locate the virtual app.
What are some debugging techniques I can deploy to further diagnose the underlying cause of the redirect loop?

1.3K Views | 0 likes | 28 Comments

irule to rewrite header but respond with 200
Hi All,

I'm trying to set up an iRule (and struggling :-)) that will perform the following. Upon accessing a site, the request will be rewritten to essentially send the client elsewhere, however rather than providing a 301/302 redirect I need a 200 response to be sent to the client for the initial request.

For example, once this rule is set up, a request for a page www.test.com/p/content/ will result in a 200 response for the user. This will work using the URL handling rule sending requests ahead without generating a response to the user and the 200 response coming from www.test.com.

The iRule below seems to direct the user correctly but I can't seem to force the 200 response:

    when HTTP_REQUEST {
        if { [HTTP::host] contains "www.test." and [HTTP::uri] starts_with "/p/" } {
            HTTP::header replace Host "www.test.com"
        }
    }

899 Views | 0 likes | 7 Comments

iRule to redirect user with incorrect certificate to specific url
Hello,

I'm writing an iRule which should redirect the user to a specific URI if the user doesn't have a cert or has an incorrect cert. Client SSL profile client authentication is set to "ignore". I want to redirect a user with an incorrect cert to "https://[HTTP::host]/index.php?id=14", which is the only URI that works without cert auth.

HTTP respond or redirect in event "when HTTP_REQUEST_SEND" does not work, but logging does ("No or invalid client Certificate!").

Browser response when I choose an incorrect cert:

    This site can’t provide a secure connection
    sent an invalid response.
    Try running Windows Network Diagnostics.
    ERR_SSL_PROTOCOL_ERROR

Code:

    when CLIENTSSL_CLIENTCERT {
        HTTP::release
        if { [SSL::cert count] < 1 } {
            log local0. "No client Certificate!"
        }
    }

    when HTTP_REQUEST {
        if { [HTTP::uri] ne "/index.php?id=14" } {
            if { [SSL::cert count] <= 0 } {
                HTTP::collect
                SSL::authenticate always
                SSL::authenticate depth 9
                SSL::cert mode require
                SSL::renegotiate
            }
        }
        if { [HTTP::uri] eq "/index.php?id=14" } {
            log local0. "uri eq id=14"
            pool XYZ-POOL
        }
    }

    when HTTP_REQUEST_SEND {
        clientside {
            if { [SSL::cert count] > 0 } {
                HTTP::header insert "X-SSL-Session-ID" [SSL::sessionid]
                HTTP::header insert "X-SSL-Client-Cert-Status" [X509::verify_cert_error_string [SSL::verify_result]]
                HTTP::header insert "X-SSL-Client-Cert-Subject" [X509::subject [SSL::cert 0]]
                HTTP::header insert "X-SSL-Client-Cert-Issuer" [X509::issuer [SSL::cert 0]]
                log local0. "http header insert completed"
            } else {
                log local0. "No or invalid client Certificate!"
                HTTP::redirect "https://www.xyz.com/index.php?id=14"
                HTTP::respond 302 Location "https://[HTTP::host]/index.php?id=14"
            }
        }
    }

Best regards,
Spela

804 Views | 0 likes | 2 Comments

Sharepoint 2013 Login redirect iRule problems
Hi,

I'm having a problem with an iRule applied to a VS load balancing a SharePoint site.

    when HTTP_REQUEST {
        switch [HTTP::host] {
            sh.domain.com {
                if { [active_members SHAREPOINT_2013_HTTPS_pool] < 1 } {
                    HTTP::respond 200 content {some content}
                }
                if { ( [string tolower [HTTP::uri]] contains "login.aspx" ) and ( [IP::addr [IP::client_addr] equals 10.0.0.0/8]) } {
                    HTTP::redirect "https://sh.domain.com/_windows/default.aspx?ReturnUrl=/"
                }
                pool SHAREPOINT_2013_HTTPS_pool
            }
            sh.domain2.com {
                if { [active_members SHAREPOINT_2013_HTTPS_pool] < 1 } {
                    HTTP::respond 200 content {some content}
                }
                if { ( [string tolower [HTTP::uri]] contains "login.aspx" ) and ( [IP::addr [IP::client_addr] equals 10.0.0.0/8] ) } {
                    HTTP::redirect "https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/"
                }
                pool SHAREPOINT_2013_HTTPS_pool
            }
        }
    }

What happens:

Internal users: User wants to access URL: https://sh.domain.com/testguy

Without the iRule, internal clients connect to the SharePoint site from an IP in the 10.0.0.0/8 subnet, and are automatically redirected to a SharePoint login page. The user then has to click a link to log in. Clicking this link does nothing but redirect to https://sh.domain.com/_windows/default/.aspx?ReturnUrl=/testguy

With the iRule, internal clients bypass the login screen correctly, but they are redirected to the home page of SharePoint (another redirect that happens when you request https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/). Trying to access the original URL https://sh.domain.com/testguy again within the same browser now works correctly because the user is never redirected to the login page, and therefore just sent straight to the pool.

External users: Is currently working as expected. They are sent to the login page, and have to click the login button and present credentials, and are then redirected to the correct page.

How can I have my internal users bypass the login page, and be automatically redirected to the requested URI?
Is there a way to append the original URI to https://sh.domain2.com/_windows/default.aspx?ReturnUrl=/[HTTP::uri] without causing a redirection loop? I have tried the above statement, but it creates a loop because the HTTP::uri is now the login page.

Appreciate all input!

599 Views | 0 likes | 1 Comment

iRule to redirect traffic to a server
Hi,

We have an Educational Office 365 account and the login to it is not extremely easy. We want to have our F5-4200 redirect traffic from a URL users can use directly to the login servers where users can just enter a username and password.

I have created an iRule that is working on our old F5-1600, but it is pointed at a pool, which we don't want to do on the new server. We just want the F5 to take the traffic from the published URL to the login URL without having to associate it with a pool. Is this possible?

Here is what I have written:

    when HTTP_REQUEST {
        set o365_hostname [string tolower [HTTP::host]]
        if {$o365_hostname equals "o365.xxxxxxxxxxx.net"} {
            log local0. "Hostname was redirected. Original name: $o365_hostname"
            HTTP::redirect "https://Very_Long_loginURL[HTTP::uri]"
        }
    }

Solved | 510 Views | 0 likes | 4 Comments

Dynamic Redirect iRule URI Variable
I am trying to perform a dynamic redirect based on a portion of the URI. Here is what I'm trying to accomplish:

Ex. Request: http://search.company.com/Pages/results.aspx/k=accounting%20department
Ex. Redirect: https://www.company.com/search/?&query=accounting%20department

We are using a separate virtual server for search.company.com, so I created the following iRule and associated it with the virtual server:

    when HTTP_REQUEST {
        set uri [HTTP::uri]
        if { $uri starts_with "/Pages/results.aspx/k=" } {
            log local0. "Original URI: $uri"
            HTTP::uri [string range [HTTP::uri] 23 end]
            log local0. "Search Query: [HTTP::uri]"
            HTTP::uri /search/?&query=[HTTP::uri]
            log local0. "New URI: [HTTP::uri]"
            HTTP::redirect "https://www.company.com[HTTP::uri]"
        } elseif { $uri starts_with "/Pages/results.aspx" } {
            HTTP::redirect "https://www.company.com/search"
        }
    }

Unfortunately, this is not having the desired result. Here is the behavior I am seeing:

Request: http://search.company.com/Pages/results.aspx/k=accounting%20department
Redirect: https://www.company.com/search/?&query=k=accounting%20department

I attempted to find the log entries for this iRule, but was unable to. Can anyone offer any guidance on how I can accomplish this? Or at the very least, where I need to look for log entries and what log level needs to be enabled for which types?

Also, please feel free to correct anything you find in the iRule, whether or not it is directly contributing to the issue. I'm still learning, and trying to figure out the best way to accomplish things, as well as general best practices.

Thank you for your time and input.

478 Views | 0 likes | 2 Comments

data group iRule
Hello iExperts,

I just wanted to double check with you the following iRule where I want to double check that the client IP is in a determinate data group range of IPs (ecmvpn_ip_dg) and if so, return a HTTP 302 redirect to such client. Is it the correct and "optimized" way to do it?

    when RULE_INIT {
        set static::ecmvpn_flag 0
    }

    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals ecmvpn_ip_dg] } {
            set static::ecmvpn_flag 1
        }
    }

    when HTTP_REQUEST {
        if {$static::ecmvpn_flag==1} {
            HTTP::redirect http://ecmvpn.[HTTP::uri]
            return
        }
        switch -glob [string tolower [HTTP::host]] {
            "ecm.domain" {
                if { ([HTTP::uri] starts_with "/APPLICATION")} {
                    HTTP::header insert USER-IP [IP::remote_addr]
                    persist cookie insert
                    pool DCTM_ECM_APPLICATION _APPLICATION PORT_PROD (or PREP)
                    return
                }
            }
            default {
                return
            }
        }
    }

Solved | 468 Views | 0 likes | 8 Comments

Can a VS redirect traffic away from itself?
Hi, first post, be nice. ;)

Let's say an F5 appliance is proxying a couple of web servers on IPv4 address A. If there is an incoming request addressed to that IP, is it possible to redirect that traffic away from the appliance to a specified next-hop?

I know it sounds weird. The idea is to have ONE F5 appliance acting as both external and internal appliance, with a Firewall in the middle. An external request to IP A should be redirected to the firewall; if it passes the checks there it returns to the F5, on another interface. THEN it should be delivered to the service connected to IP A.

I'm new to F5, did a quick lab and I could not get it to work; it does not forward traffic aimed to itself out an interface. But I've got about 4 days experience, and I'm under a bit of pressure to get this sorted out.

Thanks.

368 Views | 0 likes | 2 Comments

irule to redirect url
At the moment we have this iRule:

    elseif { ([string tolower [HTTP::uri]] starts_with "/test") } {
        HTTP::redirect "http://m.domain.com[HTTP::uri]"
    }

So what it does is this: if a user goes here

www.domain.com/test/sport/competitions/champions-league/Madrid-2403444.html?utm_source=exacttarget&utm_medium=email&utm_campaign=pc01tmn2&utm_content=g01&sb_cid=3516

the user will be redirected to

https://m.domain.com/test/sport/uefa-competitions/uefa-champions-league/Roma-v-Real-Madrid-2403444.html

but we want to redirect to

https://m.domain.com/test/sport/competitions/champions-league/Madrid-2403444.html?utm_source=exacttarget&utm_medium=email&utm_campaign=pc01tmn2&utm_content=g01&sb_cid=3516

instead. How do we achieve this using an iRule?

360 Views | 0 likes | 2 Comments