Forum Discussion

Dominicus_Hinda's avatar
Dominicus_Hinda
Icon for Nimbostratus rankNimbostratus
Aug 11, 2006

HTTPS Redirect -> hang

Hi,

 

 

I have tried to use iRule to meet the following requirement:

 

https://abc.com/aaa/xxxx redirect to https://abc.com/aaa/abc/receive:1111

 

https://abc.com/bbb/xxxx redirect to https://abc.com/bbb/abc/receive:2222

 

 

iRule

 

************************************

 

rule redirect_rule {

 

when HTTP_REQUEST {

 

if { ([HTTP::uri] contains “aaa" } {

 

HTTP::redirect https://[HTTP::host]/aaa/abc/receive:1111

 

 

} elseif { ([HTTP::uri] contains “bbb" } {

 

HTTP::redirect https://[HTTP::host]/bbb/abc/receive:2222

 

}

 

 

}

 

}

 

************************************

 

 

But it is hang when I access the above URL.

 

 

How to solve this problem?

 

 

Thanks,

 

application delivery
dev
devops
iRules

5 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 11, 2006
    Hi,

     

     

    I assume that you are using this rule on an HTTPS VIP with a client SSL profile to decrypt the traffic. The rule looks correct, though does your application accept the semi-colon in the URI?

     

     

    Can you add some logging to the rule to see what values you are getting for the URI?

     

     

    You can use:

     

     

    log local0. "URI: [HTTP::uri]"

     

     

    and then tail the /var/log/ltm file to see the output.

     

     

    Do you see any errors in the ltm log file? If you use Live HTTP Heads on Firefox, do you see the correct location being send to the client in the 302 redirect?

     

     

    Aaron
  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    Aug 11, 2006
    Hi Dominicus -

    You have some extra "(" in your if statements, not sure why you're not getting a syntax error, but besides that, the logic looks to me like it will result in an endless redirect loop -- you're redirecting URI's containing "aaa" to a URI containing "aaa", same for "bbb".

    If your intention was to redirect to an HTTPS virtual on port 1111 or port 2222, try this instead:
    if { [HTTP::uri] contains “aaa" } {
   HTTP::redirect https://[HTTP::host]:1111/aaa/abc/receive
} elseif { [HTTP::uri] contains “bbb" } {
   HTTP::redirect https://[HTTP::host]:2222/bbb/abc/receive
}

    If that's not what you're trying to do, you'll have to adjust your redirect conditions to exclude the redirect target URI:
    if { [HTTP::uri] contains “aaa" and [HTTP::uri] -ne /aaa/abc/receive}{

    You might also want to use [string tolower [HTTP::uri]] in your comparisons to make them case-insensitive.

    HTH

    /deb
  • unRuleY_95363's avatar
    unRuleY_95363
    Historic F5 Account
    Aug 11, 2006
    I can't believe no one else sees the problem. Since the place you are redirecting also contains "aaa", you are in an indefinite redirect loop (thus the "hang").

    Based on what you've provided, I would suggest changing your redirect criteria (the if expression) to better identify when you want to redirect. Thus something like this:
    if { ([HTTP::uri] starts_with "/aaa/") and not ([HTTP::uri] starts_with "/aaa/abc/") } {
   HTTP::redirect https://[HTTP::host]:1111/aaa/abc/receive
} elseif  ... same as above for /bbb ...
    Also note, that the location of the port :1111 should be after the host, not at the end of the uri (unless you actually want it as part of the uri).

  • unRuleY_95363's avatar
    unRuleY_95363
    Historic F5 Account
    Aug 11, 2006
    I had started typing my reply before Deb posted her response... Sometimes it takes me a while to actually find the time to provide a response - interruptions here, interruptions there, oh, late for a meeting, etc, etc...

     

     

    Anyway, she obviously answered it also!
  • Dominicus_Hinda's avatar
    Dominicus_Hinda
    Icon for Nimbostratus rankNimbostratus
    Aug 15, 2006
    Hi All,

     

     

    First, thank you for your advice. The iRule is working now, however, I encounter another problem after enable HTTP profile and SSL profile-Client as it is prerequisite for the iRule.

     

     

    When I use the actual ip address of the server (10.83.81.11) instead of the virtual ip address (10.83.64.240) that I defined at the F5 for the HTTP::redirect, the iRule is working.

     

    ********************************************************

     

    when HTTP_REQUEST {

     

    if { ([HTTP::uri] starts_with "/invoke/") and not ([HTTP::uri] contains "/invoke/wm.ip.rn/")} {

     

    HTTP::redirect https://10.83.64.240:4443/invoke/wm.ip.rn/receive

     

    HTTP::redirect https://10.83.81.11:4443/invoke/wm.ip.rn/receive

     

    log local0. "URI: [HTTP::uri]"

     

    } elseif { [HTTP::uri] contains "/b2bv6/" } {

     

    HTTP::redirect https://10.83.64.240:6666/invoke/wm.ip.rn/receive

     

    log local0. "URI: [HTTP::uri]"

     

    }

     

    }

     

    ********************************************************

     

     

     

    However, if I use the virtual ip address (10.83.64.240) for the HTTP::redirect as we want to load balance the incoming traffic to two servers, the page is not displayed correctly -> I only see "[] [] [] [] (" at the web browser.

     

    ********************************************************

     

    when HTTP_REQUEST {

     

    if { ([HTTP::uri] starts_with "/invoke/") and not ([HTTP::uri] contains "/invoke/wm.ip.rn/")} {

     

    HTTP::redirect https://10.83.64.240:4443/invoke/wm.ip.rn/receive

     

    HTTP::redirect https://10.83.81.11:4443/invoke/wm.ip.rn/receive

     

    log local0. "URI: [HTTP::uri]"

     

    } elseif { [HTTP::uri] contains "/b2bv6/" } {

     

    HTTP::redirect https://10.83.64.240:6666/invoke/wm.ip.rn/receive

     

    log local0. "URI: [HTTP::uri]"

     

    }

     

    }

     

    ********************************************************

     

     

    How to solve this issue?

     

     

    Thank you,

     

    Regards,

     

    Dominicus