Forum Discussion
Kevin_Stewart
Jan 29, 2013Employee
Here's a TCP-only iRule to do redirection:
when RULE_INIT {
set static::REDIRSITE "http://www.f5.com"
set static::LOCALPOOL "local-pool"
}
when CLIENT_ACCEPTED {
if { [class match [IP::client_addr] equals my_ip_group] } {
log local0. "IP match: redirect"
TCP::respond "HTTP/1.0 302 Found\r\nServer: BIG-IP\r\nConnection: Close\r\nContent-Length: 0\r\nLocation: $static::REDIRSITE\r\n\r\n"
} else {
log local0. "No IP match: local pool"
pool $static::LOCALPOOL
}
}
That said, as Steve relays, if you're not terminating the SSL on the BIG-IP then you're not going to see any of the clear text traffic anyway. If your HTTP traffic is encrypted, then to use an HTTP profile (and HTTP iRule) you would indeed need an SSL profile applied to the virtual server. And if you wanted to see the clear text traffic for the above TCP iRule, you would still need an SSL profile. In fact if you want to do anything at all with iRules, you need to be able to see the requests and responses, which would require an SSL profile if the traffic is encrypted.