*Redirect http to https for Internet clients but not private clients*

Question

How to Redirect all clients from http to https for Internet clients but allow http to private client IP? Following is not working properly:
when CLIENT_ACCEPTED {  
   if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] or

[IP::addr [IP::client_addr] equals 192.168.1.0/24]} {

set redirect 0

} else {

set redirect 1

} 
 } 
 when HTTP_REQUEST {

if {$redirect}{

HTTP::redirect "https://[HTTP::host][HTTP::uri]"

}

mike_61663 · Answer

Maybe try adding the following logging entries to the HTTP_REQUEST section of your iRule to ensure that your source IP and redirect variable values are what you expect....
log local0. "Client IP = [IP::client_addr]
";
log local0. "redirect variable equals $redirect
";

Then from the cli do a "tail -f /var/log/ltm" to see the values.

kevin_stewart · Answer

I concur. You can also save yourself the trouble of a variable assignment by putting everything in one event:
when HTTP_REQUEST {
    log local0. "incoming IP: [IP::client_addr]"
    if { ( [IP::addr [IP::client_addr] equals 10.0.0.0/8] ) or ( [IP::addr [IP::client_addr] equals 192.168.1.0/24] ) } {
        log local0. "local address - allowing"
        return
    } else {
        log local0. "remote address - redirecting"
        HTTP::redirect "https://[HTTP::host][HTTP::uri]"
    }
}

Forum Discussion

Redirect http to https for Internet clients but not private clients

2 Replies

Recent Discussions

Reliable resources for identifying IP addresses

Maximum throughput of f5 ltm

Issue on license renewal

iRule cookie persistence and pool redirect

redirect not working

Related Content

Protect an application exposed on Internet with F5 XC WAAP

Anchor Link Redirect

F5 APM VPN Choking Internet Bandwidth

Enhance your Application Security using Client-side signals

Internet of Food