redirect after SSL termination

Question

Hi All, 
&nbsp;  
&nbsp; I have a scenario where the webserver only responds if there is a particular URI, say WebEdition. I also have SSL termination configured for this VS. The web server only listens on port 80. 
&nbsp;  
&nbsp; I have the following 4 scenarios 
&nbsp;  
&nbsp; 1. http://www.example.com -&gt; redirect to -&gt; https://www.example.com/WebEdition 
&nbsp;  
&nbsp;  
&nbsp; 2. https://www.example.com -&gt; redirect to -&gt; https://www.example.com/WebEdition 
&nbsp;  
&nbsp;  
&nbsp; 3. http://www.example.com/WebEdition redirect to https://www.example.com/WebEdition 
&nbsp;  
&nbsp; 4. https://www.example.com/WebEdition (no need for redirection and just decrypt the traffic and send clear text to the server). 
&nbsp;  
&nbsp; I created couple of iRules but nothing seems to work and I always get "page cannot be displayed". 
&nbsp;  
&nbsp; when HTTP_REQUEST {     
&nbsp;      if { [HTTP::uri] eq "/" }  { 
&nbsp;          HTTP::redirect "https://www.example.com/WebEdition" 
&nbsp;      } 
&nbsp; } 
&nbsp;  
&nbsp; and I applied this to the http traffic. 
&nbsp;  
&nbsp; I also tried 
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp; if {[HTTP::host] equals "www.example.com" } { 
&nbsp; HTTP::redirect https://www.example.com/WebEdition 
&nbsp; } 
&nbsp; } 
&nbsp;  
&nbsp; Both are created after looking at some samples on this forum. 
&nbsp;  
&nbsp; I am not sure how to apply the iRule to the https traffic since it will be encrypted. How can I ensure that it is applied after the decryption? 
&nbsp;  
&nbsp; thanks, 
&nbsp; Meena

james_quinby_46 · Answer

Are you terminating SSL on your LTM or on the application server itself?

meena_60183 · Answer

SSL termination is done on the BigIP.

colin_walker_12 · Answer

The iRule will automatically be applied after the decryption. The events you're using (HTTP events) are processed after the BIG-IP has already decrypted the traffic. 
  
 As far as an iRule to redirect everything coming to www.example.com without the /WebEdition URI, it looks like you want something like:

when HTTP_REQUEST { 
   if { [HTTP::host] eq "www.example.com" } { 
     if { (!([HTTP::uri] starts_with "/WebEdition")) or ([TCP::local_port] != 443) } { 
       HTTP::redirect "https://www.example.com/WebEdition" 
     } 
   } 
 }

That should work for both encrypted and plaintext traffic, assuming they're both feeding into the VIP that has this iRule on it. 
  
 Colin

meena_60183 · Answer

But this will not redirect https://www.example.com to https://www.example.com/WebEdition. Will it?

dennypayne · Answer

It will...the ! will make it redirect any URI that does not start with /WebEdition. 
&nbsp;  
&nbsp; Denny

Forum Discussion

redirect after SSL termination

7 Replies

Recent Discussions

Advise on setting up IRULE

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

Related Content

FTPS_SSL_ Termination

Anchor Link Redirect

Configure NGINX microgateway for MTLS termination and client certificate hash verification

url redirect

SSL Termination