Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

iRule redirection with filter ... ?

Hello @ll 
I have a 2 vips http and https there is standard redirection from http to https and its working ...
BUT i need to change this a bit and here is my question :
Is it possible to have users coming from URL : abcwebsite.com going to HTTP VIP will not be redirected to HTTPS vip , but when users are coming from URL : abcwebsite.new.com will be redirected to HTTPS vip ? 
0
Rate this Question
Comments on this Question
Comment made 23-Dec-2016 by slesh 200

little update additional url: - abcwebsite.com going to HTTP VIP will not be redirected to HTTPS vip - (with special sign) äbcwebsite.com going to HTTP VIP will not be redirected to HTTPS vip So there will be 2 www with no redirection to https .

0
Comment made 23-Dec-2016 by slesh 200
i found something like that but can someone help me with this and confirm it is ok or  correct it please ? :)  

when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "abcwebsite.com" {
            HTTP::respond 301 Location "http://abcwebsite.com[HTTP::uri]"
        }
        "äbcwebsite.com" {
            HTTP::respond 301 Location "http://äbcwebsite.com[HTTP::uri]"
        }
        "abcwebsite.new.com" {
            HTTP::respond 301 Location "https://abcwebsite.new.com[HTTP::uri]"
        }
    }
}

2nd one ******************************************

when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] equals "abcwebsite.com" } {
        HTTP::respond 301 Location "http://abcwebsite.com[HTTP::uri]"
    } elseif { [string tolower [HTTP::host]] equals "äbcwebsite.com" } {
        HTTP::respond 301 Location "http://äbcwebsite.com[HTTP::uri]"
    } else {
    HTTP::redirect https://[HTTP::host][HTTP::uri]"
    }
}
0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

There are a couple of issues with your example iRule, so let's have a look at it:

when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "abcwebsite.com" {
            HTTP::respond 301 Location "http://abcwebsite.com[HTTP::uri]"
        }
        "äbcwebsite.com" {
            HTTP::respond 301 Location "http://äbcwebsite.com[HTTP::uri]"
        }
        "abcwebsite.new.com" {
            HTTP::respond 301 Location "https://abcwebsite.new.com[HTTP::uri]"
        }
    }
}

The first case, abcwebsite.com will create an infinite redirect loop, since when you redirect to abcwebsite.com[HTTP::uri] you will match that again and redirect again, and again and...

To solve this you simple don't redirect at all. The idea is that if HTTP:host returns abcwebsite.com that traffic should be sent through to the servers, right? So it would look like this:

"abcwebsite.com" {
    pool abcwebsite.com_pool
}

Or whatever your pool might be named for the application.

The second case, with äbcwebsite.com, this is actually not what the BIG-IP will see. Unless something has changed since last I looked at this, those characters aren't actually "allowed" so while you can register a name with special characters, the browser will encode those characters according to a specific method, and that's what will be sent in the host header. So the name will have to be encoded with an IDN converter and then you'll get this: xn--bcwebsite-u2a.com. Again, the example would create an infinite redirect loop so just send that to a pool as well.

The third one though is perfectly fine.

So that gives us something like this:

when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "abcwebsite.com" {
            pool abcwebsite.com_pool
        }
        "xn--bcwebsite-u2a.com" {
            pool aumlbcwebsite.com_pool
        }
        "abcwebsite.new.com" {
            HTTP::respond 301 Location "https://abcwebsite.new.com[HTTP::uri]"
        }
    }
}

The correct pool names has to be inserted of course.

1
Comments on this Answer
Comment made 26-Dec-2016 by slesh 200

Thank you for your time with this . I will try to implement this this week and we will see - i was think about "default" at the end but wasnt sure if this would be ok either way so :)

marry xmas and happy new year :) Henrik

0
Comment made 19-Jan-2017 by slesh 200

Hello Henrik

We talk with users and we dropped idea with special sign in address (äbc) .

We found problem in our case . The issue is when users type https://abcwebsite.com than we have a problem because its hitting directly to https vip ... I think your irule is correct but in our case it doesnt help because we cant force users to use only http for this or this address they can type https ...

So this is one idea which can help :

when HTTP_REQUEST {
if {  [string tolower [__HTTP::host]] contains "abcwebsite.new.com"   } {
    virtual vip_abcwebsite.new.com_https
} else {
    pool pool_abcwebsite.com_http
}

}

when user will type abcwebsite.new.com traffic will go to https vip and this part of irule is working ... but when they try abcwebsite.com traffic is not redirected to pool_abcwebsite.com_http and user get "page cannot be displayed" and i cant fix this one . I think if we will fix this part when all other traffic will go to http pool than it will work as it should . Can you please take a look ?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hello slesh,

You can resolve this by configuring :

1) A VS vip_abcwebsite.new.com_https listening on port 443

2) A VS vip_abcwebsite.com_http listening on port 80 with the irule that redirects traffic from http to https for abcwebsite.new.com and do nothing (accept traffic) for abcwebsite.com

when HTTP_REQUEST { 
if {  [string tolower [HTTP::host]] equals "abcwebsite.new.com"   } {
  HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
  } elseif { [string tolower [HTTP::host]] equals "abcwebsite.com" } {
  #do nothing
  } else {
  #reject the traffic if using other hostname (optional)
  reject
}
}

In this manner all traffic going to abcwebsite.new.com will be in https and all traffic going to abcwebsite.com will be in http...

Hope that it helps

regards

0