Forum Discussion

edwardthebear_2
Jan 14, 2010

Controlling Secure content - https to http redirect?

Hi Folks,

I'm having a problem with what must be easy iRules, but can't find any references that fit my needs, and I'm failing (and beginning to lose it).

Background: LTM BIG-IP 9.4.5 Build 1086.1 Final

2 VS: one on 443 for secure applications, one on 80 for static content.

The requirement is that any request that contains "/app1" or "/app2" or "/app3" be 302 redirected to HTTPS, and therefore on to the 443 VS and on to the secure_pool servers.

I'm doing this with this iRule applied to the port 80 VS:

rule Force_https_for_applications {
    when HTTP_REQUEST {
        if { [HTTP::uri] contains "/app1" or [HTTP::uri] contains "/app2" or [HTTP::uri] contains "/app3" } {
            HTTP::redirect https://[HTTP::host][HTTP::uri]
        }
    }
}

All good here.

The next requirement is the one I'm failing on - Everything Else can only be served unsecurely from the content VS. So a 302 redirect to http should fit.

If I attach an inverse rule to the 443 VS then all HTTPS traffic fails with a reset.

Here's one of the many I've tried:

rule Force_http_for_content {
    when HTTP_REQUEST {
        if { not [HTTP::uri] contains "/app1" or not [HTTP::uri] contains "/app2" or not [HTTP::uri] contains "/app3" } {
            HTTP::redirect http://[HTTP::host][HTTP::uri]
        }
    }
}

--------------------------------------------------

For completeness I should say I've had this working using a matchclass rule:

when HTTP_REQUEST {
    if { not [matchclass [HTTP::uri] contains $::Application_URI] } {
        HTTP::redirect http://[HTTP::host][HTTP::uri]
    }
}

where

class Application_URI {
    "/app1"
    "/app2"
    "/app3"
}

But I can't restore a config archive containing this - maybe a bug, but I can't update the LTM to address this in any useful timescale if it is.

Any help I'd be grateful for,

Ed

2 Replies

  • Have you tried removing the / before your URIs?

    Basically try app1, app2 and app3... not /app1, /app2 and /app3.

  • I think you might have hit a bug with the // in the redirect not being wrapped in double quotes, actually:

    HTTP::redirect "http://[HTTP::host][HTTP::uri]"

    SOL7988: The iRule parser may fail to correctly parse and load an iRule when using the bigpipe load command

    https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7988.html

    Aaron
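
Added example, not part of the thread or its replies: a plain Tcl (tclsh) model of the two redirect conditions, with the iRule "contains" operator emulated by [string first]. The proc names and sample URIs are constructed for illustration. It follows a request between the 443 and 80 virtual servers under the Force_http_for_content condition as posted and under the De Morgan inverse of the port 80 rule, not (A or B or C).

```tcl
# Plain Tcl model, not an iRule: "contains" is emulated with [string first].
proc contains {haystack needle} {
    expr {[string first $needle $haystack] >= 0}
}

# Port 80 VS condition (Force_https_for_applications): A or B or C.
proc redirects_to_https {uri} {
    expr {[contains $uri "/app1"] || [contains $uri "/app2"] || [contains $uri "/app3"]}
}

# 443 VS condition as posted (Force_http_for_content): not A or not B or not C.
proc posted_to_http {uri} {
    expr {![contains $uri "/app1"] || ![contains $uri "/app2"] || ![contains $uri "/app3"]}
}

# De Morgan inverse of the port 80 condition: not (A or B or C).
proc inverse_to_http {uri} {
    expr {![redirects_to_https $uri]}
}

# Follow redirects between the two virtual servers, starting on $scheme.
# Returns {served <hops>} when a VS answers without redirecting,
# or {loop <hops>} if the request is still bouncing after $max hops.
proc follow {scheme uri to_http_cond {max 6}} {
    set hops {}
    for {set i 0} {$i < $max} {incr i} {
        lappend hops $scheme
        if {$scheme eq "https" && [$to_http_cond $uri]} {
            set scheme http
        } elseif {$scheme eq "http" && [redirects_to_https $uri]} {
            set scheme https
        } else {
            return [list served $hops]
        }
    }
    return [list loop $hops]
}

# Constructed sample URIs, each first requested over HTTPS.
foreach uri {/app1/login /app2 /images/logo.png /} {
    puts [format "%-18s posted: %-42s inverse: %s" $uri \
        [follow https $uri posted_to_http] \
        [follow https $uri inverse_to_http]]
}
```

In this model the posted condition is true for every sample URI, so /app1 and /app2 requests bounce between the two virtual servers, while the inverse condition sends only the non-application URIs to HTTP.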