dazed and confused irule newbie http to https

Here is an example:

when HTTP_REQUEST {
    Check if requested domain is mydomain.com
   if {[string tolower [HTTP::host]] eq mydomain.com}{
       Redirect client to https
      HTTP::redirect https://mydomain.com[HTTP::uri]
   }
}

Aaron

You can also use a similar rule to trigger re-writes from the server to the client:

when HTTP_RESPONSE {
    Check if requested domain is mydomain.com
   if {[string tolower [HTTP::host]] eq mydomain.com}{
       Redirect client to https
      STREAM::expression "@http@https@"
      STREAM::enable
   }
}

HTH,

Colin

Thanks for the quick responses. Let me explain this a different way. The application we have behind the F5 will occasionally redirect to an external site. If I have the HTTP profile rewrite set to all the application will work fine on the mydomain.com. But any redirects it will put https://externaldomain.com.

 

 

If I set the rewrite http profile setting to matching, some redirections within the application to mydomain.com will prompt the user with the message "you are about to be redirected to a connection that is not secure..." But external redirects are working fine (i.e. http://externaldomain.com)

 

 

Since I cannot change the application, I am trying to either stop the message from appearing by ensuring https (which I have done via an irule) or I need to rewrite the protocol for any instance that does not include mydomain.com. Unfortunately that is where I am still struggling.

 

 

Thoughts? for what is worth I am running BIG-IP 9.2.5 Build 5.1

Is the insecure content warning happening because the application is sending a redirect to an http URL hosted on the VIP? Or does the page content contains absolute references to http content (http://example.com/file.jpg for example)? If it's the former, you can rewrite the redirect if it contains your domain using a rule like this:

when HTTP_REQUEST {
    Save the requested host header value for reference in the response
   set host [HTTP::host]
}
when HTTP_RESPONSE {
    Check if this is a redirect (30x response status)
   if {[HTTP::is_redirect]}{
       Replace the http://host with https://host in the Location header
      HTTP::header replace Location [string map -nocase "http://$host" "https://$host" [HTTP::header value Location]]
   }
}

This assumes that you only want to rewrite the Location value from http to https if the host in the redirect Location header is what the client requested.

If the page content contains absolute references to http://, you can use a blank stream profile and an iRule to replace http with https in the response content. Check the STREAM::expression wiki page (Click here) for an example.

Aaron

Just FYI: This is what I went with, sorry for not sharing this sooner. Thanks for all your help.

 

 

when HTTP_RESPONSE {

 

 

Check if this is a redirect (30x response status)

 

if {[HTTP::is_redirect]}{

 

 

if {[HTTP::header value Location] contains ".mydomain.com"}{

 

HTTP::header replace Location [string map -nocase {"http://" "https://"} [HTTP::header value Location]]

 

}

 

}

 

}