Forum Discussion

mikeshermanit_2's avatar
mikeshermanit_2
Icon for Nimbostratus rankNimbostratus
Feb 27, 2017

Redirect to different VS - iRule

I have two VS one listening on port 80 and the other 443 and they share the same IP.

 

They are two different back-end servers.

 

Right now SSL traffic is only flowing to the VS listening on 443 (which makes sense.)

 

A dev asked me if it was possible to have a particular page to be SSL but use the back end Server which is tied to the VS listening on port 80?

 

My plan was to create a new VS which is pointing to the the back-end server but listening on 443 and use an iRule to redirect that one page.

 

My question is how would you write the iRule to essentially go to a particular VS?

 

Like in this example where would I specify the VS:

 

when HTTP_REQUEST { if { [HTTP::host] equals "example.com/example.asp" } { HTTP::redirect ".[HTTP::host][HTTP::uri]" } }

 

devops
iRules

2 Replies

Sort By
  • DevBabu's avatar
    DevBabu
    Icon for Cirrus rankCirrus
    Feb 27, 2017

    Basically we need to have a port 80 and port 443 virtual both loadbalancing to the same pool for port 80.

    Port 443 VS should have SSL offloaded and HTTP Profile in it.

    Then iRule on port 80 virtual server with HTTP Profile: 

    when HTTP_REQUEST {
    if { [HTTP::path] equals "example.asp" } {
         HTTP::redirect "https://[HTTP::host][HTTP::uri]"
    }
}

    If you are looking directly to point to the vs name checkout the following link:

    https://devcentral.f5.com/wiki/iRules.virtual.ashx

    I am not sure, if pointing directly to a VS works as the request protocol will not be changed when it hits the 443 virtual.

  • Amine_Kadimi's avatar
    Amine_Kadimi
    Icon for MVP rankMVP
    Feb 27, 2017

    If I understand correctly, you want to proxy the traffic going to example.com/example.asp to the http backend server which is already existing on F5.

    If this is the case, and while redirecting to a VS should also work, you can instead directly select your existing http pool or more specifically a member of the pool:

    when HTTP_REQUEST {
  if { [HTTP::path] equals "example.asp"} {
  SSL::disable serverside
    pool your_http_pool_name member 1.2.3.4 80
     or if you don't want to specify the member:
     pool your_http_pool_name 
    }
}

    Note: your example with if { [HTTP::host] equals "example.com/example.asp" } is not correct because the host part is only example.com.