Forum Discussion

Musafir_133935's avatar
Musafir_133935
Icon for Nimbostratus rankNimbostratus
Sep 18, 2013

Hi All

Someone have deleted some I rules and i dont have backup. We are only running one application on our F5 and now some of the tabs are not opening.

 

The actual node says that the tab is actually http and my virtual server is on https. If i change Virtual server to http, everything works well.

 

in the website there are many tabs. some uses http and some uses https. I am not sure if the redirection is done in the actual server itself or in the F5. so whatever is the tab url is (http or https) f5 should redirect and accept and convert it to https only.

 

Can anyone show any iRule that will help me achieve this ?

 

Musafir.....

 

application delivery
devops
iRules

9 Replies

Sort By
  • jgranieri's avatar
    jgranieri
    Icon for Nimbostratus rankNimbostratus
    Sep 18, 2013

    do you have a HA pair of LTM's ? If so were the changes sync'd when the irules were deleted? If not then the irule is still intact on your standby unit....

     

    i need more informaton on what your app is doing before I can help you with an irule.

     

  • Musafir_133935's avatar
    Musafir_133935
    Icon for Nimbostratus rankNimbostratus
    Sep 18, 2013

    I think the config was syncronized hence i clud not find the same in standby unit as well.

     

    Its like when i open https://abc.co.uk and click on some tab like sales, Support etc, it shows that connection refused.

     

    If i directly open the node using https://node ip: port/irj/portal it opens properly. Even if I change the virtual server port to http it workes well.

     

    • JoshBecigneul's avatar
      JoshBecigneul
      Icon for MVP rankMVP
      Sep 18, 2013
      It's unlikely that any out of the box iRule is going to "just work" for your setup. Can you check and see if you have any archives under System -> Archives? Perhaps there is one that could contain the missing iRule.
  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Sep 18, 2013

    You can check your /var/local/ucs/ directory for cs_backup files.

     

    These are zipped tarballs and contain previous synced / overwritten configurations.

     

    Look for /config/bigip.conf inside these files.

     

    Perhaps you will find a copy of your iRules ... Good luck!

     

  • Musafir_133935's avatar
    Musafir_133935
    Icon for Nimbostratus rankNimbostratus
    Sep 19, 2013

    I could not find the config on the locations mentioned. Can anyone give me the iRule that will do this job?

     

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Sep 19, 2013

    A quick fix might be to add a port 80 virtual to the existing port 443 virtual and redirect all requests from port 80->port 443. This can be done with a simple iRule (apply this on the port 80 virtual):

    when HTTP_REQUEST {
  HTTP::respond 301 Location  https://[HTTP::host][HTTP::uri]
  return
}

    The better long term fix, if it's just an SSL offload issue, is to incorporate a stream profile to change all the http:// links in the http response payload to https://

  • Musafir_133935's avatar
    Musafir_133935
    Icon for Nimbostratus rankNimbostratus
    Sep 21, 2013

    Hi Jason,

     

    I opened a support case and they suggested the same. but the iRule is a bit different.I will post it later in this post. Actually that was a total different and out of the box thinking and i liked it.

     

  • Musafir_133935's avatar
    Musafir_133935
    Icon for Nimbostratus rankNimbostratus
    Sep 30, 2013

    Here we go guys. This is helpful when the webserver have both http and https urls.

     

    iRule:

    when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]"

     

    }

    They created one more virtual server listening on port 80 without any pool assigned. It has the above iRule assigned.

     

  • Musafir_133935's avatar
    Musafir_133935
    Icon for Nimbostratus rankNimbostratus
    Sep 30, 2013

    So i thought that i will declare that the issue is resolved but no... One more issue happened.

     

    There are some users allowed to edit the website and that is not working. I am not sure what is preventing.

     

    I am getting one error on the lower left corner of IE '' Error on page''. When i double click it and expand it says that ''access is denied '' ,line 269, char 5, error code 0. Any idea on this whay this is happening ? As per the users it was working well previously.