Forum Discussion

Ravier_356281's avatar
Ravier_356281
Icon for Nimbostratus rankNimbostratus
Mar 21, 2018

Redirect from HTTP to HTTPS if SSL Profile exists on the HTTPS virtual server

We have several load balancers configured on this F5 using the following irule:

 

when HTTP_REQUEST { switch -glob [HTTP::uri] { "Redacted URI" { return } "Redacted URI" { return } "Redacted URI" { return } "Redacted URI" { return } "Redacted URI" { return } default { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } } }

 

This is applied to the HTTP Virtual server which successfully redirects all incoming requests that are HTTP to the HTTPS virtual server.

 

What we are needing now is a way to exempt the above from happening in the event that the virtual server with all of the ssl profiles does not actually have an SSL profile for the requested URI.

 

Outside of writing in an exemption for each URI, is there a way to look at the virtual server and verify the incoming URI does or does not have an ssl profile applied on the other virtual server?

 

application delivery
BIG-IP
client ssl profile
devops
iRules

6 Replies

Sort By
  • BenNoonan_35173's avatar
    BenNoonan_35173
    Icon for Nimbostratus rankNimbostratus
    Mar 23, 2018

    I believe this may work: 

    when HTTP_REQUEST { 
if { [SSL::mode] == 0} { HTTP::redirect http://[HTTP::host][HTTP::uri]}
}
    • Ravier_356281's avatar
      Ravier_356281
      Icon for Nimbostratus rankNimbostratus
      Apr 17, 2018

      I'm not sure that's what I'm looking for.

       

      I already have the redirect working for everything that is http to be redirected as HTTPS.

       

      What I need now is basically an exemption mechanism where if the request comes in, and there's no SSL profile for that URL, then to let it go through as HTTP.

       

  • Ben_Noonan's avatar
    Ben_Noonan
    Icon for Nimbostratus rankNimbostratus
    Mar 23, 2018

    I believe this may work: 

    when HTTP_REQUEST { 
if { [SSL::mode] == 0} { HTTP::redirect http://[HTTP::host][HTTP::uri]}
}
    • Ravier_356281's avatar
      Ravier_356281
      Icon for Nimbostratus rankNimbostratus
      Apr 17, 2018

      I'm not sure that's what I'm looking for.

       

      I already have the redirect working for everything that is http to be redirected as HTTPS.

       

      What I need now is basically an exemption mechanism where if the request comes in, and there's no SSL profile for that URL, then to let it go through as HTTP.

       

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Apr 18, 2018

    You can put your list of the virtual servers without an SSL profile applied in a data group and check the incoming request against that.