Forum Discussion

A__N_5261's avatar
A__N_5261
Icon for Nimbostratus rankNimbostratus
Feb 02, 2012

https Redirect

Hi All,

 

 

 

We have irule which redirecting to HTTPS. when i apply to HTTP VS . it give erro http profile should be configure

 

 

Why we have attach http profile. What is use of it

 

 

 

when HTTP_REQUEST

 

 

{ HTTP::redirect https://[HTTP::host][HTTP::uri] }

 

 

 

 

1. What irule says.

 

 

2. Why http profile require. I used default Http profile it works

 

 

 

 

Thanks

 

A.N

6 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    A.N

     

     

    The Http Profile, when attached to the VS, tells / allows the f5 to inspect the Http traffic - you can't do any http manipulation without a http profile attached to a VS.

     

     

    This is also goes for the other profiles for their particular service or protocol.

     

     

    Hope this helps.

     

     

    N
  • Hi nathan

     

     

    Thanks for Reply

     

     

    Inspect look into payload. but redirection should be happen base on port .if packet come on port 80 just redirect to 443. why we require look into payload

     

     

    Thanks
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    A.N

     

     

    Your iRule is calling a command HTTP_REQUEST which the f5 will only evaluate if the VS has an http profile assigned.

     

     

    N
  • Nathan

     

     

    is there any other way to redirect without http profile

     

     

     

     

    Thanks

     

    A.N
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    A.N

     

     

    Virtual Servers can do Port Translation - enabled by default I think. So, if your VS is listening on port X and the pool member is configured for port Y then the LTM will translate the communication. We do this on a few of our VSs.

     

     

    But, specifically in your case, the traffic would still be port 80 from the client to the LTM, rather than https so I'm not sure if this would meet your needs.

     

     

    HTTP profile + iRule would seem the most straight forward.

     

     

    Rgds

     

    N
  • i agree with nathan. http profile and irule seem to be the most straight way to achieve this. anyway, if you can't use http profile, you have to collect tcp payload, parse http header and response manually.

    e.g.

    [root@ve1023:Active] config  b virtual bar list
    virtual bar {
       destination 172.28.19.79:80
       ip protocol 6
       rules myrule
    }
    [root@ve1023:Active] config  b rule myrule list
    rule myrule {
       when CLIENT_ACCEPTED {
            TCP::collect
    }
    
    when CLIENT_DATA {
            set uri [findstr [TCP::payload] "GET " 4 " "]
            set host [findstr [TCP::payload] "Host: " 6 "\r\n"]
    
            TCP::respond "HTTP/1.0 302 Found\r\nLocation: https://$host$uri\r\nConnection: Keep-Alive\r\nContent-Length: 0\r\n\r\n"
            TCP::release
    }
    }
    
    [root@ve1023:Active] config  curl -i http://172.28.19.79/whatever
    HTTP/1.0 302 Found
    Location: https://172.28.19.79/whatever
    Connection: Keep-Alive
    Content-Length: 0