Forum Discussion

Joe_Pipitone's avatar
Joe_Pipitone
Icon for Nimbostratus rankNimbostratus
Oct 05, 2015

Bypass SSL redirect if URI is....

I have 2 set of iRules that I'd like to combine into 1, however I'm unable to apply the logic without the result ending up in a loop.

The end result needs to be - if the URI is "/articles/2015/09/09/something.aspx" then allow the rest over port 80, else redirect to HTTPS. Always strip the www from the hostname as well.

I've only been able to get this to work on the iRule that I've applied on the port 443 VIP. I removed similar logic to check if the hostname begins with www, as it resulted in a loop. I'd like to be able to have 1 iRule that I could apply to both VIP-80 and VIP-443, however having 2 separate iRules is not a dealbreaker.

iRule applied to VIP-80:

when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/articles/2015/09/09/something.aspx" } {
       allow the request
      return 
    } else {
       HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
    }
}

iRule applied to VIP-443:

when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/articles/2015/09/09/something.aspx" } {
        HTTP::redirect http://[getfield [HTTP::host] ":" 1][HTTP::uri]
    } else {
        allow the request
       return
    }
}
application delivery
devops
iRules
LTM

25 Replies

Sort By
Show More
  • Joe_Pipitone's avatar
    Joe_Pipitone
    Icon for Nimbostratus rankNimbostratus
    Oct 06, 2015

    This may work:

    when HTTP_REQUEST {
set is_ssl [PROFILE::exists clientssl]
set is_ssl_URL [string compare -nocase [HTTP::uri] "/articles/2015/09/09/something.aspx"]
if { $is_ssl && !($is_ssl_URL)} {
    HTTP::redirect http://[getfield [HTTP::host] ":" 1][HTTP::uri]
} elseif { !($is_ssl) && $is_ssl_URL} {
    HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
} elseif {([string tolower [HTTP::host]] starts_with "www.")} {
    HTTP::redirect "https://[string range [HTTP::host] 4 end][HTTP::uri]"
}

    }

    • Joe_Pipitone's avatar
      Joe_Pipitone
      Icon for Nimbostratus rankNimbostratus
      Oct 06, 2015
      Perhaps in the future we can incorporate different logic to support multiple URLs in case the request comes in to exclude more from HTTPS. Thank you all again for the help and effort.