alhall_3584
Nimbostratus
NimbostratusiRule to redirect
I'm new at this and I trying to redirect an https (443) request to an Apache/Tomcat server with the url of . When I try to connect to it with I get an error. Please assist. Thanks!
Forum Discussion
25 Replies
Al_3585login as: admin
Using keyboard-interactive authentication.
Password:
Last login: Tue Aug 21 15:20:31 2012 from xxx.xx.100.252
[admin@:Active] ~ b virtual apache-https-vs list
virtual apache-https-vs {
pool apache-http-pool
fallback persist apache-source
destination xxx.xx.100.195:https
ip protocol tcp
persist apache-cookie
profiles {
apache-clientssl {
clientside
}
apache-http-opt {}
apache-oneconnect {}
apache-tcp-lan {
serverside
}
apache-tcp-wan {
clientside
}
}
}
[admin@:Active] ~
[admin@:Active] ~ b pool apache-http-pool list
pool apache-http-pool {
lb method member observed
slow ramp time 30
monitor all apache-http-monitor
members xxx.xx.109.26:webcache {}
}
[admin@:Active] ~[admin@:Active] ~ b rule apache-httptohttps list
rule apache-httptohttps {
when HTTP_REQUEST {
HTTP::redirect ]
}
}
[admin@:Active] ~
Thx!
nitassEmployee
is apache-httptohttps irule we are working on??- smp_86112
Cirrostratus
I'm sorry, but I'm still confused about this. If you hit http://host:8080 or http://host:8080/site.html with a browser, that bypasses the apache-https-vs VIP entirely, and no iRule is going to fire. You need to be hitting https://xxx.xx.100.195 so the request hits the VIP, and then the iRule applied to the apache-https-vs VIP can be fired. - Al_3585Sorry for the confusion. We are trying to hit through with the VIP, i.e. client --->https--->BIGIP (VIP) --->http://site:8080/site.html. We can hit the web site if we don't go through the BigIP. All indicators are green. Thx!
- nitasscan you try this irule?
[root@ve10:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:443 ip protocol 6 rules myrule profiles { clientssl { clientside } http {} tcp {} } } [root@ve10:Active] config b pool foo list pool foo { members 200.200.200.101:8080 {} } [root@ve10:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { if {[HTTP::uri] equals "/"} { HTTP::uri "/site.html" } HTTP::header replace Host "[HTTP::host]:8080" } } [root@ve10:Active] config ssldump -Aed -nni 0.0 port 443 or port 8080 -k /config/ssl/ssl.key/default.key New TCP connection 1: 172.28.19.251(40302) <-> 172.28.19.79(443) 1 1 1345879460.5096 (0.0141) C>S SSLv2 compatible client hello 1 2 1345879460.5097 (0.0000) S>CV3.1(81) Handshake 1 3 1345879460.5097 (0.0000) S>CV3.1(953) Handshake 1 4 1345879460.5097 (0.0000) S>CV3.1(4) Handshake 1 5 1345879460.5116 (0.0018) C>SV3.1(262) Handshake 1 6 1345879460.5116 (0.0000) C>SV3.1(1) ChangeCipherSpec 1 7 1345879460.5116 (0.0000) C>SV3.1(36) Handshake 1 8 1345879460.5243 (0.0126) S>CV3.1(1) ChangeCipherSpec 1 9 1345879460.5243 (0.0000) S>CV3.1(36) Handshake 1 10 1345879460.5256 (0.0013) C>SV3.1(167) application_data --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: site --------------------------------------------------------------- New TCP connection 2: 200.200.200.10(40302) <-> 200.200.200.101(8080) 1345879469.9335 (9.4077) C>S --------------------------------------------------------------- HEAD /site.html HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Accept: */* Host: site:8080 ---------------------------------------------------------------