Redirecting one HTTPS url to another HTTPS url

http://www.mydomain.com/ gets redirected to https://m.mydomain.com/content/mobile/en/home.html no problem

 

 

https://www.mydomain.com/ fails

What port does the Virtual Server listen on please? Is an SSL profile assigned, i.e. are you terminating the SSL on the F5? I don't see how you can be as then the HTTP connections wouldn't work. If you're not terminating the SSL, the traffic remains encrypted as it passes through the device and iRules obviously can't read or modify it's contents.

The both of the Virtual servers are listening on 443 and they have an SSL profile assigned

Let me clarify that, the http is flowing through a different Virtual server on port 80 but using the same iRule thus redirecting to the same destination https. There is no sslprofile on the http/port80 Virtual server.

Hi,

 

maybe there is some difference in your User-Agent Header value when you access the site via https. Can you log the header values for your User-Agent Header. If they are not matching, there will be no redirect with your rule.

 

 

Regards,

 

 

Sören

OK, I understand the setup. I don't see any reason why this wouldn't work; the iRule looks just fine, the VS setup you've described sounds fine. If the SSL clients are causing the log entries in both places it's configured then clearly the iRule can read the client data. I'd suggest a few things to try;

 

 

1) Do a tcpdump and capture some packets to a file. Wireshark can decrypt them just fine in most cases as long as you have the private key. Or you could use ssldump and do it live on the box.

 

2) If you don't want to or can't do that; add some more logging, I'd recommend logging the request method, also log that and the other data for connections that don't hit the www match.

 

3) Try [HTTP::redirect] instead of [HTTP::respond] just to see if that works

 

4) Is there anything you can do on the client side? Can you confirm if the redirect is actually received or not? Perhaps it is but it's ignored?

I did some traces and basically found that it did not look like a response was getting sent back... On a hunch I removed another iRule that was called after this one and it appears to work, except it is missing the logic in the other iRule now. So the question is, how can I get the request to not process through other irules.

 

 

Note the other irul in question has a section for http_response where this one does not. Is this the area that I am getting hung up in?

So the question is, how can I get the request to not process through other irules. i do not think HTTP_RESPONSE event is executed after running HTTP::respond in HTTP_REQUESTED event.

[root@ve10:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
   log local0. ""
}
when HTTP_REQUEST {
   log local0. ""
   HTTP::respond 301 Location "https://m.mydomain.com/content/mobile/en/home.html"
}
when HTTP_RESPONSE {
   log local0. ""
}
when CLIENT_CLOSED {
   log local0. ""
}
when SERVER_CLOSED {
   log local0. ""
}
}
[root@ve10:Active] config  tail -f /var/log/ltm
Oct 19 21:28:00 local/tmm info tmm[7926]: Rule myrule :
Oct 19 21:28:00 local/tmm info tmm[7926]: Rule myrule :
Oct 19 21:28:00 local/tmm info tmm[7926]: Rule myrule :

can you try ssldump to see what is going on?

sol10209: Overview of packet tracing with the ssldump utility

http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html

Best bet would be to combine the two iRules, have the HTTP_REQUEST first and use 'event disable HTTP_RESPONSE' after you've sent your redirect (and only then) and then re-enable HTTP_RESPONSE at the end of the rule.

Hi, try:

HTTP::respond 301 Location "https://m.mydomain.com/content/mobile/en/home.html"
event HTTP_REQUEST
disable return

Does it work?