http to https redirect on single VIP using a port list consisting of port 80 and 443
Hi there,
In the past I have had 2 virtual servers when wanting to redirect from HTTP to HTTPS. One on port 80 with the built-in "_sys_https_redirect" iRule, then another on port 443 for the redirect to land on.
Since the introduction of "Shared Objects ›› Port Lists" I have attempted to have one virtual server and have it listen on port 80 and 443. This does work as expected until I add on the https redirect irule. This then breaks https connections to the VIP.
I have attempted to catch only the port 80 requests and redirect them in an attempt to not interfere with the 443 requests that do not need redirecting. Initially I attempted the below:
    when HTTP_REQUEST {
        if { [TCP::local_port] == 80 } {
            HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
        }
    }
This failed to identify the traffic. From what I can understand it is because the virtual server has an SSL client profile attached which stops the http traffic even being identified, which it needs for the https connections. I was able to find a way to identify the http traffic by disabling SSL as below:
    when CLIENT_ACCEPTED {
        if { [TCP::local_port] == 80 } {
            log local0.notice "Port 80 connection hit"
            SSL::disable
        }
    }
I can see in the logs this is being hit. The problem I have is that I cannot do the HTTP::redirect if using the "when CLIENT_ACCEPTED", but I cannot identify the port 80 traffic if using the "when HTTP_REQUEST".
Kind of stuck with the 2 not talking to each other in the same irule.
Has anybody else come across this problem?
Many thanks
Do you have Non-SSL Connections enabled in your clientSSL profile?
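
The two events from the question can live in one iRule, because a variable set in CLIENT_ACCEPTED stays in scope for later events on the same connection. The sketch below is an added example, not code from the original thread or from F5; it assumes a single virtual server with a port list of 80 and 443, an HTTP profile and a client SSL profile attached, and the variable name `plaintext` is made up for illustration.

```tcl
# Added example (not from the original post).
# Assumption: one virtual server, port list {80, 443}, HTTP profile and
# client SSL profile attached. "plaintext" is a hypothetical variable name.

when CLIENT_ACCEPTED {
    # Record, per TCP connection, whether the client arrived on port 80.
    set plaintext 0
    if { [TCP::local_port] == 80 } {
        set plaintext 1
        # Bypass the client SSL profile for this connection only, so the
        # cleartext request reaches the HTTP profile and HTTP_REQUEST fires.
        SSL::disable
    }
}

when HTTP_REQUEST {
    # Connections on 443 keep SSL enabled and pass through untouched.
    if { !$plaintext } {
        return
    }

    # Drop any ":port" suffix from the Host header before building the target.
    set host [getfield [HTTP::host] ":" 1]

    if { $host eq "" } {
        # No Host header (e.g. an HTTP/1.0 client): there is no trustworthy
        # name to redirect to, so reject instead of guessing.
        HTTP::respond 400 content "Bad Request" Connection close
        return
    }

    # Send the client to the same host and URI over HTTPS.
    HTTP::respond 301 Location "https://${host}[HTTP::uri]" Connection close
}
```

The redirect target is taken from the client-supplied Host header, as in the built-in "_sys_https_redirect" approach; if the virtual server only serves known names, comparing `$host` against that list before responding keeps the redirect from pointing at arbitrary hosts.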