Forum Discussion
eduardo_26187
Nimbostratus
Mar 17, 2010
iRule multiple redirect/respond invocations not allowed
Hi all,
There is a rule which is sending these messages to the logs, although the rule is redirecting correctly. Nevertheless, I have reports that some people visit the web page with "http" but it doesn't redirect to "https".
How could it be possible that it sometimes redirects and in a few cases it doesn't?
This is my log:
Mar 17 08:59:02 tmm1 tmm1[12154]: 01220001:3: TCL error: rule_redirect_http2https - Operation not supported. Multiple redirect/respond invocations not allowed (line 1) invoked from within "HTTP::redirect "https://[HTTP::host]/Login.jsp"
Mar 17 09:03:59 tmm1 tmm1[12154]: 01220001:3: TCL error: rule_redirect_http2https - Operation not supported. Multiple redirect/respond invocations not allowed (line 9) invoked from within "HTTP::redirect "https://[HTTP::host]/Login.jsp"
This is the rule:
    when HTTP_REQUEST {
        # Check if the URI is /
        if {[HTTP::path] eq "/"}{
            HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
        }
        if {
            [TCP::local_port] == 80
        } {
            HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
        }
    }
Thanks in advance.
5 Replies
- hoolio
Cirrostratus
So if a client makes a request over port 80 for / both paths through the iRule will try to send a redirect.
Is this iRule used on an HTTP VIP (like 1.2.3.4:80) or many ports? If a single port, can you clarify why you're checking the destination port?
Aaron
- eduardo_26187
Nimbostratus
Hello Mr. Aaron, the HTTP VIP is like 1.2.3.4:443
I check the origin port 80 in case that someone changes https to http, so it forces to redirect to Login.jsp through https and it works fine.
As you said, there is a double check when someone requests port 80 and /. I think I'd have to add "return 0" at the end of each rule. But I still have the question: why is it not always redirecting? Maybe 5% of the requests are rejected from outside of our network, but manually forcing "https" works for the users. It always redirects from the LAN.
Thanks.
- hoolio
Cirrostratus
If someone makes a request to http://vip:443 they could make an unencrypted HTTP request to an HTTPS VIP. But the port would always be 443.
If you want to gracefully handle HTTP requests to an HTTPS VIP, you can enable non-SSL connections on the client SSL profile and then use an iRule like this:
http://devcentral.f5.com/wiki/default.aspx/iRules/Redirect_non_ssl_requests_on_ssl_vs_rule.html
    when HTTP_REQUEST {
        # Check if the client used an SSL cipher
        if {not ([catch {SSL::cipher version} result]) && $result ne "none"}{
            # Client did use a cipher
            log local0. "\$result: $result. Allowing encrypted request."
            if {[HTTP::path] eq "/"}{
                HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
            }
        } else {
            # Client did not use a cipher
            log local0. "\$result: $result. Redirecting unencrypted request."
            HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
        }
    }
Aaron
- eduardo_26187
Nimbostratus
Thanks. This solution is better.
- Albert_Aguinaga
Nimbostratus
Hi - I'm getting the following error:
Sep 9 07:09:42 local/tmm err tmm[5253]: 01220001:3: TCL error: ir_final_maintpage - Operation not supported. Multiple redirect/respond invocations not allowed (line 12) invoked from within "HTTP::respond 503 content "Hanley Wood, LLC - Maintenance Page
Here is my iRule:
    when HTTP_REQUEST {
        # sets the timer to return client to host URL
        set stime 10
        # Use the Host header value for the responses if it's set. If not, use the VIP address.
        if {[string length [HTTP::host]]}{
            set host [HTTP::host]
        } else {
            set host [IP::local_addr]
        }
        # Check if the URI is /maintenance
        switch [HTTP::uri] {
            "/maintenance" {
                # Send an HTTP 503 response with a Javascript meta-refresh pointing to the host using a refresh time
                HTTP::respond 503 content \
    "Hanley Wood, LLC - Maintenance Page\
    This webpage is currently unavailable; please check back again shortly.
    " "Content-Type" "text/html"
                return
            }
        }
        # If the pool_testLB is down, redirect to the maintenance page
        if { [active_members [LB::server pool]] < 1 } {
            HTTP::redirect "http://$host/maintenance"
            return
        }
    }
So, I'm thinking about using the TCP::close option but am not sure where to put this. Any thoughts as to why these TCL errors keep showing up?
Thanks in advance.
-Albert.
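As an added example that is not part of the thread or of F5's own code: the rule from the original question restructured so that a port-80 request for / can reach `HTTP::redirect` only once. The variable names `host` and `reason` are illustrative, the log message is constructed, and the empty-Host fallback is borrowed from the maintenance-page rule above.

```tcl
# Added example: decide once, respond at most once per HTTP_REQUEST.
when HTTP_REQUEST {
    # Host for the redirect: Host header without any :port,
    # or the VIP address when the client sent no Host header.
    if { [string length [HTTP::host]] } {
        set host [getfield [HTTP::host] ":" 1]
    } else {
        set host [IP::local_addr]
    }

    # Evaluate both conditions of the original rule in one if/elseif chain,
    # so a port-80 request for "/" matches exactly one branch.
    set reason ""
    if { [TCP::local_port] == 80 } {
        set reason "request arrived on port 80"
    } elseif { [HTTP::path] eq "/" } {
        set reason "request for /"
    }

    if { $reason ne "" } {
        log local0. "Redirecting [IP::client_addr] to Login.jsp: $reason"
        HTTP::redirect "https://$host/Login.jsp"
        # End this rule's handler so no later command here responds again.
        return
    }
}
```

`return` only ends this rule's handler; if another iRule attached to the same virtual server also redirects or responds in `HTTP_REQUEST`, the "Multiple redirect/respond invocations" error can still be raised.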