Redirecting https traffic to an https subdomain?

Question

Quick disclaimer, while I know what iRules do, I haven't bothered implementing any, because we haven't really needed to, but laws make things complicated, so we're looking for a way to reroute traffic from a main URL to specific subdomains (based on country)

I work for a health and wellness company that does HRA (health risk analysis) for a variety of corporations and governments around the world. Recent law changes in two of the countries we do business in require that all health information remain on servers in their respective countries. Our sales director is concerned about fracturing our customers among many different URLs because of potential customer confusion, so ...

All of our incoming traffic right now goes to:

https://www.domain.com/customername/portal or https://www.domain.com/customername/admin

What I'd like to do is for specific values of redirect them to:

https://subdomain.domain.com/customername/portal or admin.

Right now we have around 1400 distinct customer URLs, and of these 240 need to be redirected to their proper datacenters. I've seen a lot written on redirecting http to https and the like, but nothing about redirecting an https request. Are there problems doing this because of the nature of https sessions? Is something like this possible at all?

A lot of our customers currently use the standard URL and it would be difficult from a sales and customer satisfaction perspective to ask them to change the URL they go to (there's a lot of printed material with the main URL on it for various customers who resell our services).

Any help would be appreciated!

nitass · Answer

&nbsp;Are there problems doing this because of the nature of https sessions? Is something like this possible at all?yes, it is possible. &nbsp;
&nbsp;e.g. &nbsp;
&nbsp;[root@ve1023:Active] config  b virtual bar list
&nbsp;virtual bar {
&nbsp;   destination 172.28.19.79:443
&nbsp;   ip protocol 6
&nbsp;   rules myrule
&nbsp;   profiles {
&nbsp;      clientssl {
&nbsp;         clientside
&nbsp;      }
&nbsp;      http {}
&nbsp;      tcp {}
&nbsp;   }
&nbsp;}
&nbsp;[root@ve1023:Active] config  b class name_dg list
&nbsp;class name_dg {
&nbsp;   "coffeebean" { "sg" }
&nbsp;}
&nbsp;[root@ve1023:Active] config  b rule myrule list
&nbsp;rule myrule {
&nbsp;   when HTTP_REQUEST {
&nbsp;   set host [string tolower [HTTP::host]]
&nbsp;   if {$host starts_with "www."} {
&nbsp;      set cust [getfield [HTTP::uri] "/" 2]
&nbsp;      if {[class match -- $cust equals name_dg]} {
&nbsp;         HTTP::redirect " map "www [class match -value $cust equals name_dg]" $host][HTTP::uri]"
&nbsp;      }
&nbsp;   }
&nbsp;}
&nbsp;}
&nbsp;[root@ve1023:Active] config  curl -Ik https://www.domain.com/coffeebean/portal
&nbsp;HTTP/1.0 302 Found
&nbsp;Location: https://sg.domain.com/coffeebean/portal
&nbsp;Server: BigIP
&nbsp;Connection: Keep-Alive
&nbsp;Content-Length: 0&nbsp;
[root@ve1023:Active] config  curl -Ik https://www.domain.com/coffeebean/admin
&nbsp;HTTP/1.0 302 Found
&nbsp;Location: https://sg.domain.com/coffeebean/admin
&nbsp;Server: BigIP
&nbsp;Connection: Keep-Alive
&nbsp;Content-Length: 0&nbsp;&nbsp;

rprague_79440 · Answer

First, thank you for the reply, I think I've got this down, but there are a couple of questions I have. &nbsp;
&nbsp; first, we don't use www.domain.com, its just domain.com, so is there any problem with creating this iRule: &nbsp;
&nbsp; rule myrule { 
&nbsp;  when HTTP_REQUEST {  
&nbsp;    set host [string tolower [HTTP::host]] 
&nbsp;    set cust [getfield [HTTP::uri] "/" 2] 
&nbsp;    if {[class match -- $cust equals name_dg]} { 
&nbsp;      HTTP::redirect "https://[class match -value $cust equals name_dr] $host[HTTP::uri]" 
&nbsp;    } 
&nbsp;  } 
&nbsp; } &nbsp;
&nbsp;What is should do is change https://domain.com/customer/admin to https://sub.domain.com/customer/admin if I have that worded right.
&nbsp; I can't actually test it, because I can't figure out how to create the "name_dg" class you showed in your reply.  If you have any pointers on doing that, I'd appreciate it.  I'll keep digging through the knowledge base in the meantime.&nbsp;

rprague_79440 · Answer

I'm currently running the following version: &nbsp;
&nbsp; Version BIG-IP 9.3.1 Build 37.1 &nbsp;
&nbsp; If that changes how this needs to be configured.&nbsp;&nbsp;edit: Looks like the class command was implemented in 10.x, so this may not work for me as written, no? &nbsp;

hooleylist · Answer

Hi rprague, 
&nbsp;  
&nbsp; For 9.3 you can use findclass for the data group lookup. 
&nbsp; http://devcentral.f5.com/wiki/iRules.findclass.ashx 
&nbsp;  
&nbsp; Aaron

rprague_79440 · Answer

Thank you Aaron, I'll start looking at that right now.

Forum Discussion

Redirecting https traffic to an https subdomain?

8 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Rewrite Subdomain

irule uri traffic redirection failing

fellow traffic

iRule that saves subdomain

Anchor Link Redirect