Forum Discussion

MaCrek_56686's avatar
MaCrek_56686
Icon for Altocumulus rankAltocumulus
Nov 10, 2014

HTTP to HTTPS LTM Policy on network Virtual Server

I would like to redirect all HTTP requests, which come to my F5, to HTTPS sites. I've tried to configure network Virtual Server with attached LTM policy. But it doesn't work. Any ideas, how to deal with it ?

Thank you.

ltm policy /Common/HTTPtoHTTPSpolicy {  
    controls { forwarding }  
    requires { http }  
    rules {  
        HTTPtoHTTPSrule {  
            actions {  
                0 {  
                    http-reply  
                    redirect  
                    location "https://[getfield [HTTP::host] \":\" 1][HTTP::uri]"  
                }  
            }  
            ordinal 1  
        }  
    }  
    strategy /Common/first-match  
}  
  
  
ltm virtual /Common/ALL_HTTP {  
    destination /Common/10.1.2.0:80  
    ip-protocol tcp  
    mask 255.255.255.0  
    policies {  
        /Common/HTTPtoHTTPSpolicy { }  
    }  
    pool /Common/my_pool  
    profiles {  
        /Common/http { }  
        /Common/tcp { }  
    }    
    source 0.0.0.0/0   
    source-address-translation {  
        type automap  
    }  
    translate-address disabled  
    translate-port enabled  
    vlans {  
        /Common/dmwf  
    }  
    vlans-enabled  
}
application delivery
availability
design
LTM

3 Replies

Sort By
  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Nov 10, 2014

    Not that i would try to discourage writing iRules, but to make your life easier, just use the built-in _sys_https_redirect iRule...

     

    H

     

  • MaCrek_56686's avatar
    MaCrek_56686
    Icon for Altocumulus rankAltocumulus
    Nov 11, 2014

    When I hook same LTM Policy to host virtual server (no network virtual IP), it works wo problems. I've tried also _sys_https_redirect iRule, but wo success.

     

    When I've looked to traffic with tcpdump. It looks, that network VS don't work. F5 send Reset packets only. Is there any specific conditions in which network VS works ?