is it possible with an irule to reject a connection if the redirec is not followed?
- Jan 18, 2017
Hi there, after much testing and considering your comments, I finally found the problem,
a 302 redirect, if the client ignores redirects, let's the connection pass trough, for example:
when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { "www.hostname1.com" { HTTP::respond 302 noserver Location "https://www.hostname1.com/App1/" } default { reject } } }
This code above, will let a client through LTM to http://www.hostname1.com/App1/ if the redirect is ignored.
So the solution is simply doing a 301:
when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { "www.hostname1.com" { HTTP::respond 301 noserver Location "https://www.hostname1.com/App1/" } default { reject } } }
This code above will correct the problem, and when the client attempts to bypass the redirect by ignoring them, instead of getting the 200 from the backend, it will only get the 301 response from the LTM, regardless of ignoring the redirect.
Seems to me a behaviour not contemplated in the HTTP::respond documentation regading LTM VSs iRule processing (Or something that has been commented somewhere else, but not on the respond doc).
Thanks for the help Odaah!