Forum Discussion

BDunbar_8799's avatar
BDunbar_8799
Icon for Nimbostratus rankNimbostratus
Oct 07, 2009

VIP port 80 to VIP port 443 and iRule language reference

This is what I need to have happen:

 

 

1. User browses to foo.domain.com

 

2. HTTP is morphed to HTTPS

 

3. F5 sends traffic to the IIS server port 443

 

 

Support claimed I could use HTTP Profile for this - see SOL6912 at https://support.f5.com/kb/en-us/solutions/public/6000/900/sol6912.html

 

 

That seems not to be working. While I wait for them to call back I thought I'd poke away at using an iRule.

 

 

Now, as they say, I have two problems. A big reason is my iRule knowledge is limited.

 

 

 

1. Is there an optimal way to make this happen using an iRule?

 

 

2. Is there a language reference for iRule? I see a lot of cookbook-type references in these forums but without a reference it's hard to know how much one can actually do with iRules.

 

 

Thank you in advance.
application delivery
dev
devops
iRules

9 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Oct 08, 2009
    Do you want to allow client to make HTTP requests and have the LTM establish HTTPS connections to the pool? Or do you want to redirect client requests made to an HTTP VIP to HTTPS?

     

     

    There is an iRule wiki which is the primary reference. There are some other links here:

     

     

    TCL and irules

     

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=13982

     

     

    Aaron
  • BDunbar_8799's avatar
    BDunbar_8799
    Icon for Nimbostratus rankNimbostratus
    Oct 08, 2009
    "Do you want to allow client to make HTTP requests and have the LTM establish HTTPS connections to the pool? Or do you want to redirect client requests made to an HTTP VIP to HTTPS?"

     

     

    In this specific case, the latter. But I would also like to know how to do the former.

     

     

    "There are some other links here: "

     

     

    Ah - good stuff there: thank you!

     

     

    • robert_carney's avatar
      robert_carney
      Icon for Nimbostratus rankNimbostratus
      Oct 05, 2016

      I have a problem like this but only some URI are going back to a 443 and the default pool is port 80 so can not use the ssl profile in on the vip level is there anyway to call the server side profile for only some uris

       

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Oct 09, 2009
    To redirect all HTTP requests to HTTPS you can use an iRule like this:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/HTTPToHTTPSRedirect_301.html

     

    or

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/HTTPToHTTPSRedirect_302.html

     

     

    To allow clients to make HTTP requests to the VIP and have LTM establish an SSL connection to the pool members, you'd define the VIP on port 80, the pool members on 443 and add a server SSL profile.

     

     

    Aaron