Forum Discussion

Jay_Prasanth_13's avatar
Jay_Prasanth_13
Icon for Nimbostratus rankNimbostratus
Dec 05, 2013

How to force HTTPS on masked uri?

can anyone help me to force HTTPS on masked uri?

 

For eg : if {[HTTP::uri] eq "/dd" HTTP::uri "/xx/yyy/ddd"

 

Current outcome - http://mysite/dd , however HTTPS works if mention explicitly. Expected outcome - force to HTTPS

 

application delivery
devops
iRules

6 Replies

Sort By
  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Dec 06, 2013

    so if I am correctly interpreting your requirements, you want to force /dd to HTTPS, and if it is HTTPS, rewrite the URI to /xx/yyy/ddd?

    when HTTP_REQUEST {
    if {[HTTP::uri] eq "/dd"} {
        if {[TCP::local_port] == 80} {
             Force to HTTPS
            HTTP::redirect "https://[HTTP:host][HTTP::uri]
            return
        } else {
             It's already HTTPS,  rewrite URI
            HTTP::uri "/xx/yyy/ddd"
        }
    }
    • Jay_Prasanth_13's avatar
      Jay_Prasanth_13
      Icon for Nimbostratus rankNimbostratus
      Dec 16, 2013
      To be more precise . Actual requirement from the business is to mask url from HTTPS://XX.COM/YYY/DD to HTTPS://XX.COM/DD . /YYY to be hidden I attained this by .. when HTTP_REQUEST { if {[HTTP::uri] eq "/dd" }{ HTTP::uri "/yyy/dd" } } With the above iRule , http and https working fine individually. But the requirement is to force http to https.
    • Christian_30338's avatar
      Christian_30338
      Historic F5 Account
      Dec 16, 2013
      I am assuming that you have a port 80 virtual server and a port 443 virtual server. If the iRule posted above is working OK on HTTPS website then just enable the HTTP to HTTPS redirect on the port 80 virtual server. Something simple like this should do the redirect. when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] }
    • Jay_Prasanth_13's avatar
      Jay_Prasanth_13
      Icon for Nimbostratus rankNimbostratus
      Dec 16, 2013
      I missed this one ... , HTTPS://XX.COM/YYY/DD is a vanity URL . You are right , we have 80 and 443 , the iRule you have stated is already in place , it forces HTTPS for default URL's , but not for VANITY URL's. Eg. in current setup ,when I type in the browser , http://xx.com --> it redirects to https://xx.com/yyy/dd requirement is if I type explicitly , http://xx.com/dd --> it should redirects internally to vanity URL https://xx.com/yyy/dd ( should hide /yyy and force https )
  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Dec 19, 2013

    Hi Jay,

    If what you want when a user enters http://xx.com/dd is for;-

    Then the iRules snippet I gave above, if applied to both the http/https virtuals, will do what you want (reproduced here with minor change)

    when HTTP_REQUEST {
    if {[string tolower [HTTP::uri]] eq "/dd"} {
        if {[TCP::local_port] == 80} {
             Force to HTTPS
            HTTP::redirect "https://[HTTP:host][HTTP::uri]
            return
        } else {
             It's already HTTPS,  rewrite URI
            HTTP::uri "/yyy/dd"
        }       
    }
 }

    Otherwise I am unsure what is needed.