Forum Discussion

Jinshu's avatar
Jinshu
Icon for Cirrus rankCirrus
Oct 22, 2015

Exempt http to https url redirection for specific IP addresses in Irule

Hello,

I have a VIP with with address 10.20.20.20 which configured to use SSL. http to https redirection also configured on the F5 so that users will be redirected to if they access http.

now I want to bypass the http redirection for some users with specefic IP addresses (Means users with ip address 10.55.22.22 should access http url and should not use SSL). I have an Irule for this but it is not working. Can anyone help me with this.

when HTTP_REQUEST {
    if { [IP::addr [IP::client_addr] eq 10.55.22.22] }
    {
      return
       do nothing
    }
    else {
    HTTP::redirect https://[HTTP::host][HTTP::uri] }
    }

-Jinshu

application delivery
deployment
design
devops
iRules
LTM
performance

4 Replies

Sort By
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Oct 22, 2015

    Are you using route domains? You may need to string the RD off of the client_addr.

    when HTTP_REQUEST {
    if { [IP::addr [getfield [IP::client_addr] "%" 1] equals 10.55.22.22] } {
        return
        do nothing
    }
    else {
        HTTP::redirect https://[HTTP::host][HTTP::uri]
    }
}
  • ssievers_87378's avatar
    ssievers_87378
    Icon for Nimbostratus rankNimbostratus
    Oct 22, 2015
    Hi, i think you have to configure 2 VS. One for SSL and one for http. Then you can configure your rule to the VS for http. Regards
  • Jinshu's avatar
    Jinshu
    Icon for Cirrus rankCirrus
    Oct 22, 2015
    I have separate VIP for 80 and 443. I have applied the irule on 80 vip only but it is not working. I am getting page cannot be displayed.
  • ssievers_87378's avatar
    ssievers_87378
    Icon for Nimbostratus rankNimbostratus
    Oct 23, 2015

    Is there a default pool configured on your VIP 80 ? Try this:

     

    when HTTP_REQUEST { if { [IP::addr [IP::client_addr] eq 10.55.22.22] } { pool my_pool_for_http } else { HTTP::redirect https://[HTTP::host][HTTP::uri] } }