HTTP to HTTPS redirect on non-standard port

Sure... you can use an iRule, or if you're on 9.4+ you can use an HTTP class to perform the redirect.

 

 

SOL7125: Configuring a virtual server to automatically redirect HTTP requests to HTTPS

 

https://support.f5.com/kb/en-us/solutions/public/7000/100/sol7125.html

 

 

Aaron

Unfortunately that didn't work. I think I need to explain further what I'm trying to do.

 

 

When users go to http://server.domain.com:8700

 

 

I need them to be automatically redirected to https://server.domain.com:8700

 

 

It would be redirected to the same virtual server, only over https.

If the request can be HTTP or HTTPS on the same port, you can track whether there was a client SSL handshake using the CLIENTSSL_HANDSHAKE event and only send a redirect for requests which didn't initiate a n SSL handshake. Because the port stays the same, you can redirect to the same host (including the port) and URI.

 
 when CLIENT_ACCEPTED { 
     Set a variable to track whether this is an HTTPS request 
    set https 0 
 } 
 when CLIENTSSL_HANDSHAKE { 
     There was a client side SSL handshake, so update the variable 
    set https 1 
 } 
 when HTTP_REQUEST { 
     If it's not an HTTPS connection, send a redirect 
    if {not ($https)}{ 
       HTTP::redirect https://[HTTP::host][HTTP::uri] 
    } 
 } 
 

Aaron

I tried the new irule and it's still not working. I'm not getting any error, it just says that page cannot be displayed.

 

 

Not sure if it makes a difference, but I have a client SSL profile set on the virtual server.

 

 

I don't see any messages at all related to the irule in any of the logs.

 

 

Thanks.

Do you have non-SSL enabled on the client SSL profile? This will be required in order to issue a redirect on a non-SSL request.

If it still doesn't work, can you try this version with logging:

 
 when CLIENT_ACCEPTED { 
  
    log local0. "[IP::client_addr]:[TCP::client_port]: new connection to [IP::local_port]:[TCP::local_port]. https 0" 
  
     Set a variable to track whether this is an HTTPS request 
    set https 0 
 } 
 when CLIENTSSL_HANDSHAKE { 
  
    log local0. "[IP::client_addr]:[TCP::client_port]: new connection to [IP::local_port]:[TCP::local_port]. https 1" 
  
     There was a client side SSL handshake, so update the variable 
    set https 1 
 } 
 when HTTP_REQUEST { 
     If it's not an HTTPS connection, send a redirect 
    if {not ($https)}{ 
       log local0. "[IP::client_addr]:[TCP::client_port]: new connection to [IP::local_port]:[TCP::local_port] redirecting http" 
  
       HTTP::redirect https://[HTTP::host][HTTP::uri] 
    } 
 } 
 

Aaron

You are awesome. I didn't have the non-SSL option set.

 

 

It's working now.

 

 

Thank you very much!!!

rule worked wonderfully! Thanks

I have the same requirement, if user access the URL with HTTPS, no change in URL. If user access the URLwith HTTP, should redirect to https, I am also using non-standard port URLS.

 

https://abc.com:8888 ==> no change

 

http://abc.com:8888 ==> redicet to https://abc.com:8888

 

It's perfectly working fine with below config

 

1) Create SSL Client profile with allowing Non-SSL Connections ( You need to modify default config)

 

2) Create VIP with 8888 port and use SSL client profile

 

3) Configure below iRule

 

when HTTP_REQUEST {

 

if { [URI::protocol [HTTP::uri]] eq "http" } {

 

HTTP::redirect https://[getfield [HTTP::host] ":" 1]:[TCP::local_port][HTTP::uri]

 

}

 

}