HTTPS redirects

Question

Hello,
I am a complete novice as far as f5 devices are concerned, and I need to achieve the following:&nbsp;
Any traffic to http://testssl.mydomainmail.co.uk gets redirected to https://testssl.mydomain.co.uk/login&nbsp;
Any traffic to http://testssl.mydomainmail.co.uk/anything gets redirected to https://testssl.mydomain.co.uk/anything (where “anything” could be any URL)&nbsp;
Any traffic to http://testssl.mydomain.co.uk/login gets redirected to https://testssl.mydomain.co.uk/login&nbsp;
Any traffic to http://testssl.mydomain.co.uk/xxxlz/anything gets redirected to https://testssl.mydomain.co.uk/xxxlz/anything (where xxx can be anything)&nbsp;
So far I have this:&nbsp;
•         Any traffic to http://testssl.mydomainmail.co.uk gets redirected to https://testssl.mydomain.co.uk/login&nbsp;
1          when HTTP_REQUEST {
2if{ [HTTP::host] contains "http://testssl.mydomainmail.co.uk"} {&nbsp;
3        HTTP::redirect https://testssl.mydomain.co.uk/login [HTTP::uri]&nbsp;
•         Any traffic to http://testssl.mydomain.co.uk/login gets redirected to https://testssl.mydomain.co.uk/login&nbsp;
1          when HTTP_REQUEST {
2if{ [HTTP::host] contains "http://testssl.mydomain.co.uk/login"} {&nbsp;
3        HTTP::redirect https://testssl.mydomain.co.uk/login [HTTP::uri]&nbsp;
Any help would be appreciated.&nbsp;

nitass_89166 · Answer

e.g.
 config

[root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if { [HTTP::host] eq "testssl.mydomainmail.co.uk" } {
    switch [string tolower [HTTP::path]] {
      "/" {
        HTTP::redirect "https://testssl.mydomain.co.uk/login"
      }
      default {
        HTTP::redirect "https://testssl.mydomain.co.uk[HTTP::uri]"
      }
    }
  } elseif { [HTTP::host] eq "testssl.mydomain.co.uk" } {
    switch -glob [string tolower [HTTP::path]] {
      "/login" -
      "/???lz/*" {
        HTTP::redirect "https://testssl.mydomain.co.uk[HTTP::uri]"
      }
    }
  }
}
}

test

[root@ve11a:Active:In Sync] config  curl -I http://testssl.mydomainmail.co.uk
HTTP/1.0 302 Found
Location: https://testssl.mydomain.co.uk/login
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11a:Active:In Sync] config  curl -I http://testssl.mydomainmail.co.uk/anythingbhabhabha
HTTP/1.0 302 Found
Location: https://testssl.mydomain.co.uk/anythingbhabhabha
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11a:Active:In Sync] config  curl -I http://testssl.mydomain.co.uk/login
HTTP/1.0 302 Found
Location: https://testssl.mydomain.co.uk/login
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11a:Active:In Sync] config  curl -I http://testssl.mydomain.co.uk/123lz/anythingbhabhabha
HTTP/1.0 302 Found
Location: https://testssl.mydomain.co.uk/123lz/anythingbhabhabha
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

nitass · Answer

e.g.
 config

[root@ve11a:Active:In Sync] config  tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  if { [HTTP::host] eq "testssl.mydomainmail.co.uk" } {
    switch [string tolower [HTTP::path]] {
      "/" {
        HTTP::redirect "https://testssl.mydomain.co.uk/login"
      }
      default {
        HTTP::redirect "https://testssl.mydomain.co.uk[HTTP::uri]"
      }
    }
  } elseif { [HTTP::host] eq "testssl.mydomain.co.uk" } {
    switch -glob [string tolower [HTTP::path]] {
      "/login" -
      "/???lz/*" {
        HTTP::redirect "https://testssl.mydomain.co.uk[HTTP::uri]"
      }
    }
  }
}
}

test

[root@ve11a:Active:In Sync] config  curl -I http://testssl.mydomainmail.co.uk
HTTP/1.0 302 Found
Location: https://testssl.mydomain.co.uk/login
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11a:Active:In Sync] config  curl -I http://testssl.mydomainmail.co.uk/anythingbhabhabha
HTTP/1.0 302 Found
Location: https://testssl.mydomain.co.uk/anythingbhabhabha
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11a:Active:In Sync] config  curl -I http://testssl.mydomain.co.uk/login
HTTP/1.0 302 Found
Location: https://testssl.mydomain.co.uk/login
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve11a:Active:In Sync] config  curl -I http://testssl.mydomain.co.uk/123lz/anythingbhabhabha
HTTP/1.0 302 Found
Location: https://testssl.mydomain.co.uk/123lz/anythingbhabhabha
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

kesh_152548 · Answer

Thanks very much for this, will test.&nbsp;

kesh_152548 · Answer

That worked partially: 
Any traffic to http://testssl.communigatormail.co.uk  gets redirected to https://testssl.communigator.co.uk/login  - Doesn’t work
Any traffic to http://testssl.communigatormail.co.uk/anything  gets redirected to https://testssl.communigator.co.uk/anything  (where “anything” could be any URL) - Doesn’t work
Any traffic to http://testssl.communigator.co.uk/login  gets redirected to https://testssl.communigator.co.uk/login - Works
Any traffic to http://testssl.communigator.co.uk/xxxlz/ anything gets redirected to https://testssl.communigator.co.uk/xxxlz/ anything (where xxx can be anything) - Works

I'm wondering if switch -glob should be used in the earlier command?

kesh_152548 · Answer

That worked partially: 
Any traffic to http://testssl.communigatormail.co.uk  gets redirected to https://testssl.communigator.co.uk/login  - Doesn’t work
Any traffic to http://testssl.communigatormail.co.uk/anything  gets redirected to https://testssl.communigator.co.uk/anything  (where “anything” could be any URL) - Doesn’t work
Any traffic to http://testssl.communigator.co.uk/login  gets redirected to https://testssl.communigator.co.uk/login - Works
Any traffic to http://testssl.communigator.co.uk/xxxlz/ anything gets redirected to https://testssl.communigator.co.uk/xxxlz/ anything (where xxx can be anything) - Works

I'm wondering if switch -glob should be used in the earlier command?

Forum Discussion

HTTPS redirects

6 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Anchor Link Redirect

Http redirection

HTTP URI Replace/Redirect

HTTP POST redirect preserving POST data

HTTP to HTTPS Redirect Rewrite plus port change