Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

How test in a LTM policy if traffic is coming from HTTPS?

How can I test in a LTM policy if traffic is coming from HTTP or HTTPS.

We have a HTTP VS and a HTTPS VS sharing the same policy.

Now we have a new client who only wants HTTPS traffic.

I can select HTTP HOST equal to xxxx.infrabel.be and HTTP HOST port equal 80 to select HTTP traffic.

HTTP HOST equal to xxxx.infrabel.be and HTTP HOST port equal 443 doesn't work.

I could specify HTTP HOST equal to xxxx.infrabel.be and HTTP HOST port NOT equal 80 to select HTTPS traffic, but I should prefer test on 443.

Can someone help me?

Thanks

Jan

0
Rate this Question
Comments on this Question
Comment made 1 week ago by cjunior 1529

Hi, So why you don't try with TCP port checking instead of host port check?
What is the BIG-IP version running?
Regards.

0
Comment made 1 week ago by jan de wachter 281

We are at version: BIG-IP 12.1.2 Build 1.0.271 Hotfix HF1

For almost all applications we have HTTP and HTTPS functions. We are terminating the HTTPS on the F5. Both VS (HTTP and HTTPS) share the same policy for redirecting the flow to the destination pool.

Now there is an application that only wants HTTPS. So the policy should only accept (and redirect) the HTTPS flow.

So I need to test in my policy if the origin of the flow is HTTPS. How do I do this.

We try not to use iRules since iRule errors can affect the whole system.

Thanks

0
Comment made 1 week ago by jan de wachter 281

How can I put this into a LTM policy: Condition: [TCP::local_port] = HTTPS (443)

Please some help would be appreciated.

Jan

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi, If I'm right, in v12.1.1 you do this way:

Image Text

This is a print from v13.0.0, let me know if is different from v12.1.1 screen policy.
Regards

0
Comments on this Answer
Comment made 1 week ago by jan de wachter 281

It works! Thanks a lot. In v12.1.1 it is the same. I didn't see the options - specifying to apply on local side. Let's say, not seeing these options is a little bit confusing.

But it works - Great Job

0
Comment made 1 week ago by cjunior 1529

Well, if it worked, you found that options, right?
Cheers. :)

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I am not sure to understand your problem. Do you want to redirect all traffic to http to the https Virtual Server? You only should add an iRule on http VS.

when HTTP_REQUEST {
   HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
0