This is not a question, I'm just putting this out here to help people who have run into this problem. Before 11.4, you could easily redirect from HTTP to HTTPS using HTTP Classes. In 11.4, HTTP Classes are no longer present, and there is not yet a solution article published showing how to accomplish the same thing using Local Traffic Policies. You should be able to get by with this for now. First, you need to Create a policy with the matching strategy of your choice, I chose “best-match”. Chose a name for the policy.This policy should require “http”, and control “forwarding”.You can then add a rule. Choose a name for the ruleFor the rule conditions, leave the defaults in (empty conditions list).For the actions, the target should be “http-reply”, the event should be “request” and the action “redirect”. You will have the location parameter available to you. Set the value to : https://[getfield [HTTP::host] ":" 1][HTTP::uri] . This is exactly the same as it is on the HTTP Class documentation (Ref: http://support.f5.com/kb/en-us/solutions/public/7000/100/sol7125.html?sr=32531961 )Click “Add” for the parameter, then “Add” again to add the action to the list of actions.Click Finished once done, and then you can attach this policy to the virtual server of choice, and it should redirect all requests to the HTTPS equivalent of the incoming host and URI combination.

Very Thanks. aFanen01 Is there a more detailed introduction about the local traffic policy?

Thank you for this. "How to redirect HTTP to HTTPS without an iRule now that HTTP Class Profiles are gone" was difficult to find. How can I make it close the connection afterwards? I have tried everything I could think of, but I always get "Connection: Keep-Alive", and that's not what I want when redirecting the browser to a different TCP port. I tried adding another Rule (all-match strategy on the policy, no condition, http-header response replace / insert name=Connection value=close) to the policy, but it had no effect. I tried using an HTTP Profile that had "Maximum Requests: 1" (and even HTTP 1.1 Pipelining disabled), but it still let me request over and over on the same connection, still said Connection: Keep-Alive, and still redirected me.

Hi Czacek, Unfortunately, I haven't had time to explore it in more depth yet. So I can't answer your questions at this point in time.

Sadly, not at this time. Situation should improve eventually though.

Is it possible to control 301 vs 302?

Creating A Redirect with Local Traffic Policies v11.4

17 Replies

LEON_LI_38034
Nimbostratus
Oct 22, 2013
Very Thanks. aFanen01

Is there a more detailed introduction about the local traffic policy?
- BinaryCanary_19
  Historic F5 Account
  Nov 21, 2013
  Sadly, not at this time. Situation should improve eventually though.
czacek
Nimbostratus
Nov 19, 2013
Thank you for this. "How to redirect HTTP to HTTPS without an iRule now that HTTP Class Profiles are gone" was difficult to find. How can I make it close the connection afterwards? I have tried everything I could think of, but I always get "Connection: Keep-Alive", and that's not what I want when redirecting the browser to a different TCP port. I tried adding another Rule (all-match strategy on the policy, no condition, http-header response replace / insert name=Connection value=close) to the policy, but it had no effect. I tried using an HTTP Profile that had "Maximum Requests: 1" (and even HTTP 1.1 Pipelining disabled), but it still let me request over and over on the same connection, still said Connection: Keep-Alive, and still redirected me.
BinaryCanary_19
Historic F5 Account
Nov 21, 2013
Hi Czacek, Unfortunately, I haven't had time to explore it in more depth yet. So I can't answer your questions at this point in time.
James_Deucker_2
Historic F5 Account
Dec 19, 2013
Is it possible to control 301 vs 302?
BinaryCanary_19
Historic F5 Account
Jan 02, 2014
Hey, unfortunately, it is currently not selectable. There's an open ticket to address this in the hopefully not too distant future. Happy new year :)
Kevin_Davies_40
Nacreous
Jan 23, 2014
If you want finer grained control attach the following iRule.

when HTTP_REQUEST { HTTP::respond 301 Location "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" Connection Close }

You can add headers after connection close just keep adding them as header name, a space, header value etc....
Steve_Duys_1637
Nimbostratus
Jul 14, 2014
Can someone link, supply screenshots? Or describe where this is in the UI? Can't find.
BinaryCanary_19
Historic F5 Account
Jul 16, 2014
There's an image here: http://postimg.org/image/rypfwsqk9/
Mohamed_Lrhazi
Altocumulus
Sep 27, 2014
When will F5 re-introduce HTTP Classes!!!!
JG
Cumulonimbus
Mar 19, 2015
In v11.6.0, the old HTTP profiles are still there, such as /Common/http, and other customised child ones, retained by the upgrade process. It's just that they no longer appear in "Local Traffic" -> Profiles -> Services.

I would like to replicate the function of "Redirect Rewrite" that used to be in the old HTTP profile and it seems that I need to create a rewrite profile instead, not really a "traffic policy" as mentioned above.

Can somebody clarify all this? The solution articles I can find are all about how the old profiles cannot be brought into v11.4.0+ versions for various reasons; there are no specific examples to show how to do it in the new way, and why (to ust say "HTTP class is no longer available" is not that much helpful.)