Forum Discussion

newbee_77933
Jan 13, 2010

http to https redirects

Hi,

I am new to this and would appreciate some advice. We are moving one of our customers from another load balancer to the F5 LTM running. The customer currently uses 3 VSs: a catch-all (port 0 VS), a port 443 VS and a port 8080 VS used to offload the 443 traffic, all with the same IP. The port 80 VS redirects traffic to the 443 VS.

So when we move to the LTM, I guess the following iRule applied to the port 80 VS with the HTTP profile should work:

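when HTTP_REQUEST {
    # Send the client to the same host and URI over HTTPS
    HTTP::redirect https://[HTTP::host][HTTP::uri]
    # Record the requested host and URI in /var/log/ltm
    log local0. "[HTTP::host][HTTP::uri]"
}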

The 443 VS will have a client SSL profile enabled and the pool members on the 443 VS will listen on, say, port 8080. So we won't need the port 8080 VS.

I am guessing this will work; if not, please tell me why it won't.

Is there a more efficient way of doing this? If so, how?

Thanks

3 Replies

  • Hi,

    You mentioned that there are three VIPs on port 0, 443 and 8080, but then said there was a port 80 VIP. Can you clarify which ports are configured? In the simplest configuration for HTTP and HTTPS, you'd have a port 80 VIP and a port 443 VIP. The redirect from HTTP to HTTPS would be set on the port 80 VIP. The redirection could be done with an HTTP class or an iRule like the one you listed. Either redirect option would require an HTTP profile on the port 80 VIP.

    If you want to do HTTP inspection or modification on the 443 VIP, you'd need to import the server cert/key, configure a client SSL profile with the cert/key and then add it and an HTTP profile to the 443 VIP.

    Overall, it should be a fairly straightforward process. You shouldn't need the port 0 or port 8080 VIPs if you're handling just HTTP and HTTPS traffic.

    Aaron
  • Sorry about that,

    What I meant was that currently they have a catch-all VS (port 0) which is basically only used for port 80 traffic. So even though it is port 0, the only traffic that ever comes there is port 80 traffic.
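
A stricter form of the port 80 redirect discussed in this thread, as an added example that is not part of the original posts: it drops any port from the Host header and only redirects to site names it knows, rather than reflecting whatever Host the client sent into the Location header. The host names `www.example.com` and `example.com` are hypothetical placeholders, and the rule assumes clients do not send IPv6-literal Host headers.

```tcl
# Added example, not from the thread. Attach to the port 80 virtual server,
# which needs an HTTP profile. Host names below are hypothetical placeholders.
when HTTP_REQUEST {
    # Clients may send "Host: www.example.com:80"; keep only the name part so
    # the redirect does not point at https://www.example.com:80/.
    # Assumption: no IPv6-literal Host headers, which also contain ":".
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "www.example.com" -
        "example.com" {
            # Known site name: permanent redirect, path and query preserved.
            HTTP::respond 301 Location "https://$host[HTTP::uri]"
        }
        default {
            # Missing or unexpected Host header: do not copy it into Location
            # or into the log line; send the client to one fixed name instead.
            log local0. "port 80 redirect: unexpected Host from [IP::client_addr]"
            HTTP::respond 301 Location "https://www.example.com/"
        }
    }
}
```

Because a catch-all (port 0) virtual server also receives non-HTTP traffic, a rule like this belongs on a dedicated port 80 virtual server with an HTTP profile, as suggested in the first reply.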