Forum Discussion

solaikumar_1217's avatar
solaikumar_1217
Icon for Nimbostratus rankNimbostratus
Jan 12, 2016

HTTPS to HTTPS redirection using iRules

Dear All,

I have got one new requirement in LTM to forward the HTTPS/HTTP request to instead of or http://your-domain.com/. Have written iRule as follows .For HTTP request everything works fine , but HTTPS it is not(I feel some decryption required at F5 level). Please suggest.

Note : The main reason is that the user is getting Apache webpage when they access the root URI ,whereas actual resource is available at /xyz. I am also aware that there is an option at server level, but still looking for solution at HLB level.

Irule details :

when HTTP_REQUEST {

if { ([HTTP::uri] == "/") or ([HTTP::uri] == "https://your-domain.com")} {
    HTTP::redirect https://your-domain.com/xyz/
   }

else {HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }

With Regards, Solaikumar.k

application delivery
iRules
LTM

1 Reply

Sort By
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Jan 12, 2016

    Hi Solaikumar,

    yes you would need Layer7 inspection for HTTPS-Traffic to parse the request headers and to perform the required redirects.

    Furthermore a 

    [HTTP::uri]
    does only contain the 
    [HTTP::path]
    & 
    [HTTP::query]
    part of the web request, but not the protocol used nor the host-header of the site. But based on your functional requirements it wouldn't be required to differentiate on those informations, since both protocols would require the same action.

    Scenario 1: Seperate iRule for HTTP and HTTPS Virtual Server

    iRule used for HTTP-only VS:

    when HTTP_REQUEST {
    HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" 
}

    iRule used for HTTPS-only VS:

    when HTTP_REQUEST {
    if { [HTTP::uri] equals "/") } {
        HTTP::redirect https://your-domain.com/xyz/
    } else {
         Forward the Request
    }
}

    Scenario2: Combined iRule used for HTTP and HTTPS Virtual Server

    when HTTP_REQUEST {

    if { [PROFILE::exists clientssl] } then {
        if { [HTTP::uri] equals "/") } {
            HTTP::redirect https://your-domain.com/xyz/
        } else {
             Forward the Request
        }
    } else {
        HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" 
    }
}

    Note: Scenario 1 has a slightly better performance compared to Scenario2

    Cheers, Kai