Forum Discussion

Chris_Olson_172's avatar
Chris_Olson_172
Icon for Nimbostratus rankNimbostratus
Dec 13, 2015

http to https irule for https VIP

I need a simple http to https irule to apply to an HTTPS VIP. This is a Windows RDS gateway on the F5. We want ANY intial connection for http be directed to https. There is no http VIP since it's a HTTPS Site only. Example User types: http://www.example.com/rdweb/pages/en-US/login.aspx

 

They should be immediately redirected to:

 

https://www.example.com/rdweb/pages/en-US/login.aspx

 

I tried the following but cannot get to load via bigpipe OR TMSH

 

tmsh create ltm rule/common/rds_redirect when HTTP_REQUEST { if {[HTTP::host] equals "rdsgateway.example.com" and [HTTP::uri] starts_with "/rdweb/" } { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }

 

Fails with multiple errors.

 

Using the bigpipe command does nothing but show me a list of .sh entries (I don't know where that came from) b rule RDS_redirect '{ when HTTP_REQUEST { if { [HTTP::host] equals "www.example.com" and [HTTP::uri] starts_with "/rdweb/" } { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }}'

 

BIG-IP Version 10.2.4 860.0

 

I have little experience in writing irules but have been successful on a few basics. I am open to ANY suggestions. The simpler the better. Thanks!

 

application delivery
BIG-IP
iRules

3 Replies

Sort By
  • Chris_Olson's avatar
    Chris_Olson
    Icon for Nimbostratus rankNimbostratus
    Dec 13, 2015
    I can't see how this would work UNLESS we have an http VIP. I'm getting connection refused since 80 is not open. Even so, when I apply and generic redirect on the http VIP, it still fails with Network Error (tcp_error) A communication error occurred: "" The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Dec 13, 2015

    Hey Chris,

     

    you really need an HTTP VS to terminate the TCP:80 connection and send a HTTP redirect back to the client.

     

    Without having a TCP:80 VS you may use "Preloaded HSTS" to redirect the HTTP requests already within the browser, even before the very first TCP:80 connection is send. But this would still have some serious restriction/limitation...

     

    So once you have created an additional TCP:80 VS (HTTP Profile must be applied without any Pools selected) you could use the build in iRule "_sys_https_redirect", which simply redirects every HTTP request to HTTPS using the same hostname and URI.

     

    BTW: I would recommend to either use the LTM admin page or the iRule Editor to create or change iRules.

     

    Cheers, Kai

     

  • Chris_Olson's avatar
    Chris_Olson
    Icon for Nimbostratus rankNimbostratus
    Dec 13, 2015

    Thank you very much. I learned a lot due to this issue and was able to use the"_sys_https_redirect" rule/profile to make this work. I was trying to follow previous soutions which are likely out of date or simply not condusive to this new environment. Thanks for confirming.