Forum Discussion

scot_hartman_82's avatar
scot_hartman_82
Icon for Nimbostratus rankNimbostratus
Feb 26, 2009

HTTP redirect based upon URL

 

I'm fairly new to iRules. I went through examples I've found on the forums but wanted to see if anyone has time to double check my logic/syntax...

 

 

I have two VIPs on the same IP. One on 80 and one on 443. The 80 only has an iRule as a resource to redirect to the 443.

 

 

I have an existing iRule applied to the VIP listening on port 80 to redirect to https...

 

 

when HTTP_REQUEST {

 

HTTP::redirect https://app.abc.org[HTTP::uri]

 

}

 

 

I was specific about the host so it would match the certificate I have on the SSL VIP.

 

 

 

The VIP on 443 terminates SSL with a cert for "app.abc.org" and has a pool of servers listening on port 80 behind it. There is no iRule currently applied to this VIP.

 

 

 

A new requirement is coming up where several more URLs currently hosted elsewhere will have their DNS updated to use the IP that hosts this VIP.

 

 

They will need to be redirected to the "app.abc.org" that matches the SSL cert but with a special path... "https://app.abc.org/new-app/home"

 

 

They include...

 

http://new-app.abc.com

 

http://new-app.abc.org

 

http://new-app.abc.net

 

http://www.new-app.abc.com

 

http://www.new-app.abc.org

 

http://www.new-app.abc.net

 

 

(as well as the https versions of the above)

 

 

 

So I'm thinking I can set an 'if' to look for "new-app.abc" in the host requested and redirect all the ones that include new-app.abc to the "https://app.abc.org/new/home" and leave the original redirect in as an 'else' for the rest of the requests that may be looking for other uri paths.

 

 

I'm guessing I'd also need to add a redirect iRule on the 443 VIP to redirect all the https attempts made to new-app.abc to be "https://app.abc.org/new/home" but without need for the else part

 

 

 

My thoughts

 

 

 

On the 80 VIP...

 

 

when HTTP_REQUEST {

 

if { [HTTP::host] contains "new-app.abc" } {

 

HTTP::redirect https://app.abc.org/new/home

 

}

 

else {

 

HTTP::redirect https://app.abc.org[HTTP::uri]

 

}

 

}

 

 

 

On the 443VIP...

 

 

when HTTP_REQUEST {

 

if { [HTTP::host] contains "new-app.abc" } {

 

HTTP::redirect https://app.abc.org/new/home

 

}

 

}

 

 

Any thoughts and insights are appreciated.

 

 

Thanks,

 

Scot

 

 

 

 

 

 

 

application delivery
dev
devops
iRules

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Feb 27, 2009
    Hi Scot,

     

     

    What you're describing should work fine for the HTTP VIP. You could use a datagroup to define the host the client will request and the corresponding URL you want to redirect to. You could then use findclass (Click here) to check the requested hostname and look up the corresponding redirect. Check the wiki page for a few examples and reply back here if you have any questions.

     

     

    For the HTTPS VIP, you're limited to supporting one certificate for one VIP. So if clients did make an HTTPS request using a hostname that didn't match the cert, they would get a cert mismatch error before you would be able to redirect them to a new location. You may be able to get a cert valid for all subdomains on your domain (a wildcard cert valid for *.example.com) or you could get a cert valid for multiple hostnames on different domains using subject alternate names (SANs). Try searching the forums here for SAN SSL or subject alternate name for some more information and links.

     

     

    It would be more ideal to avoid clients making requests via HTTPS to different hostnames that resolve to the same IP address.

     

     

    Aaron

     

     

  • scot_hartman_82's avatar
    scot_hartman_82
    Icon for Nimbostratus rankNimbostratus
    Feb 27, 2009
    Aaron,

     

     

    Excellent. Thanks for the review and the heads-up on the SSL cert.

     

     

    I'll look through the findclass to see if I can refine this.

     

     

    Thanks much,

     

    Scot