irule redirect

Question

I have an existing irule i want to modify for everything that goes to the /net2 uri should be https. We currently have two VS for this (80 and 443). I am having difficulty redirecting *error too many redirects. What is the best place to add this in the irule so that anything that goes to /net2 redirects from http to https?
Below is an example of the irule:
when HTTP_REQUEST {
  set my_uri [string tolower [HTTP::uri]]
  set my_host [string tolower [HTTP::host]]
if {[string tolower [HTTP::uri]] contains "/flowers"} {pool Flower_POOL}
elseif {[HTTP::uri] contains "/net1"} {pool NET_ALL_POOL}
elseif {[HTTP::uri] contains "/net2"} {pool NET_ALL_POOL }
elseif {[HTTP::uri] contains "/net3"} {pool NET_ALL_POOL }
elseif {[HTTP::uri] contains "/fruit"} {pool Flower_POOL}
elseif {[HTTP::uri] contains "/candy"} {pool Flower_POOL}
elseif {[HTTP::uri] contains "/APACHE7/" } {node 10.1.1.8 7}
elseif {[HTTP::uri] contains "/APACHE8/" } {node 10.1.1.8 80}
elseif {[HTTP::uri] contains "/APACHE9/" } {node 10.1.1.9 80}
elseif {[PROFILE::exists clientssl] == 0 } { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }
elseif {[string tolower [HTTP::uri]] contains "/testweb/"} {pool TESTWEB_POOL}
else {pool SERVER_TEST_POOL}
}

vijay_e · Answer

I would recommend using 2 different iRules. One for VS:80 and another for VS:443. This way you can prevent unwanted iRule processing in VS:80 that is not required.
iRule in VS:80
when HTTP_REQUEST {
HTTP::redirect "https://[HTTP::host][HTTP::uri]" 
}
}

iRule in VS:443
when HTTP_REQUEST {
set my_uri [string tolower [HTTP::uri]]
set my_host [string tolower [HTTP::host]]
if {[string tolower [HTTP::uri]] contains "/flowers"} {pool Flower_POOL}
elseif {[HTTP::uri] contains "/net1"} {pool NET_ALL_POOL}
elseif {[HTTP::uri] contains "/net3"} {pool NET_ALL_POOL }
elseif {[HTTP::uri] contains "/fruit"} {pool Flower_POOL}
elseif {[HTTP::uri] contains "/candy"} {pool Flower_POOL}
elseif {[HTTP::uri] contains "/APACHE7/" } {node 10.1.1.8 7}
elseif {[HTTP::uri] contains "/APACHE8/" } {node 10.1.1.8 80}
elseif {[HTTP::uri] contains "/APACHE9/" } {node 10.1.1.9 80}
elseif {[string tolower [HTTP::uri]] contains "/testweb/"} {pool TESTWEB_POOL}
else {pool SERVER_TEST_POOL}
}

david__pasch · Answer

I agree with Odaah. Two rules would be the way I would address this. 
It would be easier to own and account for the contexts as they move to 443, assuming that is on everyone's roadmap at this point. 🙂
With that said, I think adding a line above your /net2 line with a nested conditional will work. I was unable to test this so, YMMV. 
Good Luck!
when HTTP_REQUEST {
  set my_uri [string tolower [HTTP::uri]]
  set my_host [string tolower [HTTP::host]]
    if {[string tolower [HTTP::uri]] contains "/flowers"} {pool Flower_POOL}
        elseif {[HTTP::uri] contains "/net1"} {pool NET_ALL_POOL}
        elseif {[HTTP::uri] contains "/net2" and [TCP::local_port] equals "80" } { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }
        elseif {[HTTP::uri] contains "/net2"} {pool NET_ALL_POOL }
        elseif {[HTTP::uri] contains "/net3"} {pool NET_ALL_POOL }
        elseif {[HTTP::uri] contains "/fruit"} {pool Flower_POOL}
        elseif {[HTTP::uri] contains "/candy"} {pool Flower_POOL}
        elseif {[HTTP::uri] contains "/APACHE7/" } {node 10.1.1.8 7}
        elseif {[HTTP::uri] contains "/APACHE8/" } {node 10.1.1.8 80}
        elseif {[HTTP::uri] contains "/APACHE9/" } {node 10.1.1.9 80}
        elseif {[PROFILE::exists clientssl] == 0 } { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }
        elseif {[string tolower [HTTP::uri]] contains "/testweb/"} {pool TESTWEB_POOL}
else {pool SERVER_TEST_POOL}
}

Forum Discussion

irule redirect

2 Replies

Recent Discussions

preserve client IP on layer 4 VIP

Failed to convert character dclid=%EDclid!

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

iRule redirection

URL redirection irule

URL redirection iRule

Anchor Link Redirect

IRULE - redirect URI