Forum Discussion

fab_catalano_10's avatar
fab_catalano_10
Icon for Nimbostratus rankNimbostratus
Apr 03, 2008

help with HTTPs redirect

hi all,

 

I am fairly new to iRules and have pretty much learned everything from dfferent posts here. thanks!

 

 

What i am trying to do is based on source iP address redirect them to a site or pool, below is what i have so far and it works great for http requests but fails for https.

 

 

I added an SSL cert to the VIP and not it is also working for HTTPs, what i wanted to know was if there was a way via iRules to redirect an HTTPs request based on source iP address without terminating the tunnel on the F5...

 

 

when HTTP_REQUEST {

 

if { [matchclass [IP::client_addr] equals $::datagroup1] }{

 

HTTP::redirect "https://mysite.com"

 

} elseif { [matchclass [IP::client_addr] equals $::datagroup2] }{

 

HTTP::redirect"http://myothersite.com"

 

} else {

 

HTTP::redirect "http://mydefaultsite.com"

 

}

 

}
application delivery
dev
devops
iRules

3 Replies

Sort By
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Apr 03, 2008
    If you have terminated the SSL Cert at the F5 then everything is processed after the SSL handshake. Is the backend after the F5 http?

     

     

  • fab_catalano_10's avatar
    fab_catalano_10
    Icon for Nimbostratus rankNimbostratus
    Apr 03, 2008
    Thanks for the quick response.

     

     

    i am not sure i understand the question. i am redirecting to another VIP on the F5, so the backend is eventually after the F5.

     

    i guess i wanted to know if there is any way to get this redirect to work without temintating the tunnel on the F5, ie take the cert off of the VIP...
  • Nicolas_Menant's avatar
    Nicolas_Menant
    Icon for Employee rankEmployee
    Apr 07, 2008
    If the flow is HTTPS, by default the BIGIP won't be able to read the HTTP inside the flow

     

     

    to make it possible, you need to create a client SSL profile and assign it to your VS. This way the BIGIP will be the SSL termination of the flow and it will be able to handle the HTTP request

     

     

    If you still want HTTPS between the BIGIP And the server, add a server SSL profile to your VS