Question on (what should be) a simple redirect -

It looks like you're mixing our interpretation of URI and URL.

 

 

What does your log entry show for [HTTP::uri]? I would expect that the URI would be "/fooserver/foo", not "https://someserver.somedomain.net/fooserver/foo"

 

 

Are you trying to redirect if someone accesses the VIP through a bad hostname? If so, you should take a look at the [HTTP::host] value. If not, can you explain what you're trying to do?

 

 

Aaron

You're correct about the URI logged being /fooserver/foo.

 

 

What I'm trying to do is if someone accesses the URI /fooserver/foo, on the virtual server this rule is applied to, then redirect them to a different URL.

 

 

I altered the rule to reflect the correct URI, but redirection does not occur.

 

 

when HTTP_REQUEST {

 

log local0. "Checking URI [HTTP::uri] from [IP::client_addr] for insecure calls to some server"

 

if { [string tolower [HTTP::uri]] equals "/fooserver/foo"} {

 

HTTP::redirect "https://redirect.somedomain.net"

 

log local0. "Request for [HTTP::uri] from [IP::client_addr] is being sent to the other site"

 

}

 

}

 

 

 

Thanks for your help !

Can you post the log output from your log statements? Your code looks correct so without knowing the exact contents of the HTTP::uri value it's hard to guess at what is going wrong.

 

 

-Joe

The rule logs this string:

 

 

Rule Randy_Test : Checking URI /fooserver/foo from 209.221.139.195 for insecure calls to some server

 

 

What happens is the the client continues on to the URL

 

https://someserver.somedomain.net/fooserver/foo

 

 

rather than being redirected to

 

 

https://redirect.somedomain.net

So is the second log statement not being reached? Since you only included the first log statement in your response I'm assuming the one in the enclosed if statement is not being reached. Is that a correct assumption. I have no clue on why a simple string comparison would not work.

I would recommend using log statements in all logic paths.

when HTTP_REQUEST {
  log local0. "Checking URI '[HTTP::uri]' from [IP::client_addr] for insecure calls to some server"
  if { [string tolower [HTTP::uri]] equals "/fooserver/foo"} {
    log local0. "Request for '[HTTP::uri]' from [IP::client_addr] is being sent to the other site"
    HTTP::redirect "https://redirect.somedomain.net"
  } else {
    log local0. "Request for '[HTTP::uri]' from [IP::client_addr] is being allowed"
  }
}

An alternate approach you could try would be something like this:

when HTTP_REQUEST {
  log local0. "Checking URI '[HTTP::uri]' from [IP::client_addr] for insecure calls to some server"
  switch [string tolower [HTTP::uri]] {
    "/fooserver/foo" {
      log local0. "Request for '[HTTP::uri]' from [IP::client_addr] is being sent to the other site"
      HTTP::redirect "https://redirect.somedomain.net"
    }
    default {
      log local0. "Request for '[HTTP::uri]' from [IP::client_addr] is being allowed"
    }
  }
}

The only thing I can think of if the equals operator isn't succeeding is that the original string has a space in it or something to make the equals not succeed. That's why I've included quotes in the log statement to help rule that out.

If it is actually getting to the HTTP::redirect command and that isn't in fact issuing a redirect to the client, then that's a product issue that you'll have to take up with product support.

Run one of these rules through and pass along the full log output and well see where we stand.

-Joe

Thanks, Joe - The first sample works like a champ.

 

Not sure what was going on with my original, it just wasn't working.

Whewww. I was about to be stumped on that one...

 

 

Glad to hear it's working and feel free to ping us again if you get stuck on anything.

 

 

-Joe