Forum Discussion

Cribby_130403's avatar
Cribby_130403
Icon for Nimbostratus rankNimbostratus
Jul 16, 2014

iRule URI to Pool before iRule with HTTP to HTTP Redirect

Hello,

 

I am trying to create and stack a simple set of iRules but I don't seem to be getting the desired results. Basically I have the following setup.

 

1.) A VS setup for HTTPS for home.mysite.com on port 443 on IP 44.33.22.10

 

2.) Another separate VS setup for HTTP for home.mysite.com on port 80 on the same IP of 44.33.22.10 with an iRule that is basically an HTTP to HTTPS redirect so that any HTTP/80 traffic that hits my site automatically gets redirected to HTTPS.

 

Basically what I tried to do is create another iRule to say if anyone wants to go to home-nonSSL.mysite.com and stack it before the HTTP-->HTTPS redirect iRule on the HTTP/80 VS everything fails. The whole VS is basically unusable. Here are my iRules:

 

HTTP VS (44.33.22.10)

 

**** FIRST IRULE, URI MATCH TO POOL IRULE *****

 

Non-SSL Site Pool

when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { home-nonSSL.mysite.com { pool MYSITE_NON-SSL_Pool-80 } } }

 

**** SECOND IRULE, HTTP-->HTTPS REDIRECT ****

 

when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] }

 

Regards,

 

James

 

3 Replies

  • The problem you are having is both rules are processing on the HTTP_Request and therefore both end up making a decision. The first decides to use the non-ssl pool. The second is a redirect which is much more immediate to the request never goes to the pool. You need logic around your second irule to say if it isn't the non-ssl site then redirect to SSL. Or you could combine both rules as this:

    when HTTP_REQUEST {
      switch [string tolower [HTTP::host]] {    
        "home-nonssl.mysite.com" { 
          pool MYSITE_NON-SSL_Pool-80
        }
        "default" {
          HTTP::redirect "https://[HTTP::host][HTTP::uri]"
        }
      }
    }
    
  • Hello David,

     

    Thanks for the reply.

     

    That does make sense. What if on the first part of the combined iRule where is looks for the match to send to the pool I want it to look for a contains and not a specific match? For example if it contains either home-nonssl.mysite.com or /mydata1 it would send it to the pool, if not then it would send to default:

     

    home-nonssl.mysite.com/mydata1

     

    pool MYSITE_NON-SSL_Pool-80

     

    • James
    • David_Larsen_23's avatar
      David_Larsen_23
      Historic F5 Account
      So in the rule we are only matching on the Host name of the URL [HTTP::host] and not on the URI (which would be [HTTP::uri]) portion of the URL. That way we only have to match on the domain name. If you have other domain names that start with home-nonssl.mysite (such as home-nonssl.mysite.mobi) you can wild card it with a * and modify the switch command with the -glob such as: when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { "home-nonssl.mysite*" { pool MYSITE_NON-SSL_Pool-80 }