Forum Discussion

Jan_384807's avatar
Jan_384807
Icon for Nimbostratus rankNimbostratus
Feb 27, 2019

irule based on URI to select pool redirected back to http

Hi, I need help here.

I'm using the same VS to create a irule to redirect to different server pools based on URI. The irule which I created redirects back to http which is not what I'm expected.

  1. test.abc.com -> default poolA -> https://test.abc.com [expected result - OK]
  2. test.abc.com/testing -> redirects to test.abc.com/homepage -> poolB
  3. test.abc.com/homepage -> poolB

For both 2. and 3., both were redirected to http://test.abc.com/homepage/login.

SSL offloading is on F5.

I'm expecting https://test.abc.com/homepage/login instead but I'm not getting it.

Any expert advice is appreciated. Thanks!

when HTTP_REQUEST {

set host [string tolower [HTTP::host]]
set uri [HTTP::uri]

if { $host contains "test.abc.com"}{
    if {([string tolower [HTTP::uri]] starts_with "/testing") }{
        HTTP::redirect "https://$host/homepage
        pool "poolB"
    }
    if { [string tolower [HTTP::uri]] starts_with "/homepage" }{
        pool "poolB"
    }
}

}

devops
iRules

4 Replies

Sort By
  • Andy_McGrath's avatar
    Andy_McGrath
    Icon for Cumulonimbus rankCumulonimbus
    Feb 27, 2019

    For your iRule, which looks ok but the following is a little improved:

    when HTTP_REQUEST {

    if {[string tolower [HTTP::host]] starts_with "test.abc.com"}{

        if {([string tolower [HTTP::uri]] starts_with "/testing") }{
            HTTP::respond 301 Location "https://[getfield [HTTP::host] : 1]/homepage"
        } elseif { [string tolower [HTTP::uri]] starts_with "/homepage" }{
            pool "poolB"
        }
    }
}

    If your web server is then doing a redirect it maybe using 

    http
    protocol instead of 
    https
    as the server is listening on HTTP. Should be able to change this setting on the web server so the Location in any redirect HTTP response uses 
    https
    as the protocol or you could write an iRule to change the Location value in any response.

    The following iRules is an example of performing this 

    Location
    header replacement:

    when HTTP_RESPONSE {

    if {([HTTP::header exists "Location"]) && ([HTTP::header value "Location"] starts_with "http://test.abc.com"))} {
        HTTP::header replace "Location" [string map "http://test.abc.com" "https://test.abc.com" [HTTP::header value "Location"]]
    }
}
  • Faruk_AYDIN's avatar
    Faruk_AYDIN
    Icon for Nimbostratus rankNimbostratus
    Feb 27, 2019

    This redirection is made on your servers. You must add your http virtual server a http-to-https redirect iRule.

     

  • Michael_Saleem's avatar
    Michael_Saleem
    Icon for MVP rankMVP
    Feb 27, 2019

    Have you tried using a combination of your original iRule alongside enabling the redirect rewrite feature on the HTTP profile on the VS? (So that if the backend pool member sends a redirect response using http:// the BIG-IP rewrites this to https://)

     

    https://support.f5.com/csp/article/K14775

     

  • Faruk_AYDIN's avatar
    Faruk_AYDIN
    Icon for Nimbostratus rankNimbostratus
    Feb 27, 2019
    when HTTP_REQUEST {
if { [getfield [HTTP::host] ":" 1] eq "test.abc.com" }
{
    if {([string tolower [HTTP::uri]] starts_with "/testing")  || [string tolower [HTTP::uri]] eq "/homepage" }{
    HTTP::redirect  https://test.abc.com/homepage/login
    return 
} else {
    pool "poolB"
}
}