Forum Discussion

habib_Khan's avatar
habib_Khan
Icon for Nimbostratus rankNimbostratus
Aug 18, 2016

Irule to exempt redirection for connections from specific IP/range and redirect all other traffic to https

I am using below irule, my requirement is when request comes from specific set of IP or range of IP redirection should not happen and all other connections/requests should get https redirection. Kindly assist as below used irule statistics shows hits but all are failing.

 

when HTTP_REQUEST {log local0. "Client: [IP::client_addr]" if { [class match [IP::client_addr] contains cdm_test_range] } {HTTP::redirect http://[HTTP::host][HTTP::uri] pool cdms-stg-pool-tcp80 } else {HTTP::redirect https://[HTTP::host][HTTP::uri] } }

 

application delivery
iRules
LTM

2 Replies

Sort By
  • Stefan_Klotz's avatar
    Stefan_Klotz
    Icon for Cumulonimbus rankCumulonimbus
    Aug 18, 2016

    Hi Habib,

    I assume you have two virtual servers, one for port 80 and the other for port 443. And that each has a default pool configured. If so, then the following iRule should work:

    when HTTP_REQUEST {
   log local0. "Client: [IP::client_addr]"
   if { ![class match [IP::client_addr] contains cdm_test_range] } {
      HTTP::redirect https://[HTTP::host][HTTP::uri]
   }
}

    Hope that helps.

    Ciao Stefan 🙂

  • Stefan_Klotz's avatar
    Stefan_Klotz
    Icon for Cumulonimbus rankCumulonimbus
    Aug 18, 2016

    Hi Habib,

    can you try it with this line?

    if { ![class match [IP::client_addr] equals cdm_test_range] } {

    I assume your DGL "cdm_test_range" is from type address.

    Didn't you see any iRule/TCL error message in your logs, which could be helpful?

    Another question: you mentioned that your poolmember is listening on port 443 only. Do you have a serverSSL profile then activated on your HTTP-VIP? Is access via both virtual servers (80 & 443) working in general without any iRule?

    Ciao Stefan 🙂