rachitbiyani_21
Aug 13, 2015

iRule behavior for HTTP::REDIRECT

Hello,

 

I have configured the following iRule:

 

ltm rule /Common/httptohttps {
    when HTTP_REQUEST {
        HTTP::redirect https://[HTTP::host][HTTP::uri]
    }
}

 

It is associated with an HTTP virtual server. Is the expected behavior that it will send an HTTP 302 redirect message back to the client for packets with a destination port set to 80? What happens to the TCP connection established for the HTTP connection in this case? Is the initial TCP connection closed by the client? Will the client create a new TCP connection on port 443 in order to re-send the request as an HTTPS request? Or does the F5 act as a proxy here for the TCP connection, i.e. does it terminate the connection on port 80 and initiate a connection on port 443?

 

I am relatively new to F5 and would appreciate any help that I can get.

 

Thanks, Rachit

 

1 Reply

  • The HTTP::redirect command does, as you said, send an HTTP response back to the client with a status code of 302 (redirect). The browser will then receive this response and initiate a new connection to the new target (hostname:443). As far as I know it will tear down the previous connection and establish a new one, although if KeepAlives are set up, it may keep the connection open for future requests to port 80. The redirect is the same as the user typing in a new URL in the browser and hitting enter.

     

    Now, if your desired goal is to get a client connected to an HTTPS backend, you can always have the BIG-IP terminate the HTTP connection and initiate an HTTPS connection to your backend server. This is done by setting up the correct clientside and serverside profiles in the Virtual Server settings. But, I don't think that's what you are going for.

     

    One thing to note is that you'll need to make sure you don't have the same VIP configured listening on both port 80 and 443 or your iRule will get you into an infinite loop when it's redirected to 443 and then redirected back again to 443. This may not be the case but thought I'd mention it.

     

    Hope this helps...

     

    -Joe
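
The behaviour discussed in this thread, as an added example that is not part of either post and is not F5 code: a small Python model of the httptohttps rule that traces the redirect chain the way a browser follows it, one new client connection per hop, and reports the loop that appears when the rule is also attached to the port 443 listener. The host name, the function names and the listener model are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def irule_httptohttps(host, uri):
    """Model of the rule in the question: 302 to https://[HTTP::host][HTTP::uri]."""
    return 302, {"Location": f"https://{host}{uri}"}

def virtual_server(port, rule_ports, host, uri):
    """Listener response: the redirect if the rule is attached to this port, else 200."""
    if port in rule_ports:
        return irule_httptohttps(host, uri)
    return 200, {}

def trace(url, rule_ports, max_hops=10):
    """Follow redirects as a browser would; every hop is a separate client connection.

    Returns (hops, outcome): hops is a list of (port, status, location) tuples,
    outcome is 'ok', 'loop' or 'too many hops'.
    """
    hops, seen = [], set()
    while len(hops) < max_hops:
        if url in seen:                      # same URL requested twice: redirect loop
            return hops, "loop"
        seen.add(url)
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        uri = parts.path or "/"
        if parts.query:
            uri += "?" + parts.query
        # parts.netloc stands in for the Host header the client sends
        status, headers = virtual_server(port, rule_ports, parts.netloc, uri)
        hops.append((port, status, headers.get("Location")))
        if status != 302:                    # final answer, nothing more to follow
            return hops, "ok"
        url = headers["Location"]            # the client, not the proxy, opens the next hop
    return hops, "too many hops"

if __name__ == "__main__":
    start = "http://www.example.com/app?x=1"     # constructed sample URL
    for rule_ports in ({80}, {80, 443}):         # rule on port 80 only, then on both listeners
        hops, outcome = trace(start, rule_ports)
        print(sorted(rule_ports), outcome)
        for port, status, location in hops:
            print(f"  connect :{port} -> {status} {location or ''}")
```
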