Forum Discussion

thashack00_9151's avatar
thashack00_9151
Historic F5 Account
Oct 07, 2013

Redirect https:// to https://www

Hello DevCentral members!

I am trying to write an iRule to redirect my host from https:// to https://www for all requests. My rule is listed below. Does this look like it will work? I want to run this on my 443 VIP. 

when HTTP_REQUEST {
if{ [HTTP::host] contains "hostname.net"} {
HTTP::redirect https://www.[HTTP::host][HTTP::uri]
}
}

I currently have this set up as an HTTP Class rule but I am upgrading from 11.2.1 to 11.4.1 and know that the HTTP Class is deprecated in 11.4.x. Any help would be appreciated!

Thanks!

application delivery
design
devops
iRules

4 Replies

Sort By
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Oct 07, 2013

    If you have both hostname.net and www.hostname.net on the same virtual, this iRule will result in an infinite loop as you are using a "contains" comparison and "www.hostname.net" contains "hostname.net" and it will in turn redirect to "www.www.hsotname.net". I'd try something like this

    when HTTP_REQUEST {
  if { !([HTTP::host] starts_with "www.") &&
        ([HTTP::host] contains "hostname.net") ) {
    HTTP::redirect "https://www.[HTTP::host][HTTP::uri]"
  }
}

    Whether you leave in the second condition is up to you. It may very well work just by checking whether or not the host starts with "www.".

    Also keep in mind that if this is on a SSL vip, you'll have to be terminating SSL for the iRule to be able to look at the HTTP request. But, I'm assuming you are doing this anyway since you are using a class profile.

    -Joe

  • thashack00_9151's avatar
    thashack00_9151
    Historic F5 Account
    Oct 07, 2013

    Thanks Joe. I am terminating SSL on the VIP so we should be good.

     

     

    I have a couple additional questions:

     

    1. What does the ! signify in front of the first condition? Does this read "if the host starts with www. than do nothing, otherwise add the www?" I am new to iRule writing so just want to be certain before implementing!

     

    2. Is this a better way to go rather than using HTTP class? I am under the impression that this gets converted when upgrading to 11.4.x but I was trying to get in front as it is critical that our app sees www.hostname.net as opposed to hostname.net. I can't lose that functionality!

     

     

    Thanks!

     

    Jeff

     

    • Joe_Pruitt's avatar
      Joe_Pruitt
      Oct 07, 2013
      The "!" is a NOT operator which gives the negative on the comparison. You can also use the keyword "not" if you want. For this example, it would read: "if HTTP::host does not start with 'www.' and HTTP::host does contain 'hostname.net', then redirect to https://www.[HTTP::host][HTTP::uri]". As for going with a HTTP::class, I'd suggest going that route if you were certain your platform supported it, but with the upgrade, if I were you, I'd get the iRule working and head that issue off at the pass and not rely on an upgrade doing it for you. I'm not sure what the upgrade process does but I do recall hearing some customers having to do some work to get their class profiles migrated post upgrade.
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Oct 07, 2013

    you don't have to use an iRule in 11.4.x, you can use the centralized policy matching functionality that is replacing the httpclass. Here's a tmsh example of simple redirecting host to ssl:

    ltm policy cpm.ssl_redirect {
    controls { forwarding }
    requires { http }
    rules {
        cpm.ssl_redirect.rule {
            actions {
                0 {
                    http-reply
                    redirect
                    location https://[HTTP::host][HTTP::uri]
                }
            }
            conditions {
                0 {
                    http-host
                    host
                    ends-with
                    values { hostname.net }
                }
            }
            ordinal 1
        }
    }
    strategy first-match
}