http:// to https:// redirect not working

Is the VIP you have the redirect rule added to defined on port 80?

 

 

If so, the rule should work fine. When you say the redirect isn't working, what are the symptoms? Can you add a log statement to the rule to ensure the request is actually making it to the VIP and the rule as expected?

 

 

Can you use a browser plugin like LiveHttpHeaders for Firefox or IEwatch for IE to see what headers/response content is being sent to the client?

 

 

If by chance your VIP is defined on port 0 (any), then you would need to add logic to the rule to only redirect if the request was made to port 80. Deb replied to this post with more info on such a rule (Click here)

 

 

Aaron

The vip .77 has 80 and 443 configured. Off of this vip I have 7 sites attached to it. For some reason I have tried the TCP local port irule and the general redirect rule. For some reason users are unable to just type http://myhomepage.com and get redirected to https://myhomepage.com.

 

 

 

I am not allowed to use any of the software you mentioned on my net.

 

 

The question here is can I configure this irule:

 

 

when HTTP_REQUEST {

 

switch [string tolower [HTTP::host]] {

 

portal.mil { pool sps_pool}

 

sites.mil { pool sites._pool}

 

my.mil {pool_pool}

 

he.mil {pool_pool}

 

she.mil {pool_pool}

 

us.mil {pool_pool}

 

him.mil {pool_pool}

 

default {pool default_pool}

 

}

 

}

 

 

to switch from http:// to https:// this irule is currently connected to my 443 side of my .77 vip.

I believe you want to have requests to your VIP on x.y.z.77:80 redirected to a second VIP on x.y.z.77:443.

If that's the case, just use the original HTTP to HTTPS redirect rule on the x.y.z.77:80 VIP:

when HTTP_REQUEST {
   HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
   log local0. "client [IP::client_addr] redirected to: https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
}

Then use the switch rule on the HTTPS VIP. Clients that access the VIP on port 80 should then be redirected to the same host and URI via HTTPS. Assuming the HTTPS requests are decrypted, the switch rule on the HTTPS VIP would route the request to the corresponding pool.

As your rule is looking for different domains on the .mil top level domain, I assume the client will get prompted to accept an invalid certificate. Nonetheless, they should still get redirected and passed to the corresponding node.

If you still see problems after verifying the rules are added to the correct VIPs, add log statements to each rule to see what is happening and check the /var/log/ltm log file for details.

Aaron

let me be more specific....the client want to type http:// into the url bar in IE and still get to HTTPS://. Would this require a stream profile or a simple redirect. I am getting lost in the sauce over here.

Do you want the client to communicate with the VIP over HTTP but have the BIG-IP communicate with the nodes over HTTPS?

 

 

If that's the case, you don't need a rule on the HTTP VIP, you would need to configure an server SSL profile on the HTTP VIP.

 

 

On the other hand, if you want to redirect the client from HTTP to HTTPS, you can use the redirect rule.

Here is a simple http2https redirect

when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] }

It doesnt do any logging, but when you apply it to your http virtual server it will redirect your client to https. It keeps the host and uri.

So if your client comes into http://yoursite.com/index.html they will get redirected to https://yoursite.com/index.html.

and you can apply the same iRule to multiple virtuals.