Forum Discussion

bwilliam's avatar
bwilliam
Icon for Cirrus rankCirrus
Feb 22, 2019

After modifying Irule added website has too many redirects

I have an existing universal redirect irule where we have several redirects configured and working. When I add the 2 websites where it includes password to the irule and then try to access the site I get a redirect loop. To access the site I created a host entry on my mac pointing to the universal_redirect vip IP. After doing this I get an error too many redirects occurring trying to open passwordreset.somecompany.com. What am I doing wrong? Any help will be greatly appreciated.

when HTTP_REQUEST {
   switch -glob [string tolower [HTTP::host]] {
      “*website1.com*" {
         HTTP::redirect "https://www.newsite.io"
      }
      “passwordreset.acompanyhasnoname.com" {
         HTTP::redirect "https://somecompany.sharepoint.com/O365-Resources/Pages/SSPR%20-%20Unlock%20and%20Reset%20your%20Account.aspx"
      }
      “*passwordregistration.acompanyhasnoname.com*" {
         HTTP::redirect "https://somecompany.sharepoint.com/O365-Resources/Pages/SSPR%20-%20Unlock%20and%20Reset%20your%20Account.aspx"
      }
      "*myred.somecompany.com*" {
         HTTP::redirect "https://somecompany.website.com"
      }
      "*www.some-company.com*" {
         HTTP::redirect "http://www.newcompany.com"
     }
      default {
          add the default action you prefer ie "www.def.com"
         HTTP::redirect "https://[HTTP::host][HTTP::uri]"
      }
   }
}

7 Replies

  • Try to add a "return" statement after each redirect ... like

    when HTTP_REQUEST {
       switch -glob [string tolower [HTTP::host]] {
          “*website1.com*" {
             HTTP::redirect "https://www.newsite.io"
             return
          }
    
          ....
    
  • Suspecting your issue with

    -glob
    matching and
    default
    condition. Try to adjust it.

    -glob Matching

       item* -- starts with item
       *item -- ends with item
       *item* -- contains item
    
  • uzair's avatar
    uzair
    Icon for Nimbostratus rankNimbostratus

    can u take a pcap on client and paste the output. iRules looks fine. After firsdt redirect looks like client is getting the redirect from new location also.

     

  • Adding the return does not help.

     

    The packet capture from the client side and f5 side shows the communication loop between the vip and client ip. The loop starts after the encrypted handshake is sent from the vip to the client and cipher handshake is established. The loop shows ACK application data ACK, rinse and repeat until the browser times out.

     

  • uzair's avatar
    uzair
    Icon for Nimbostratus rankNimbostratus

    Add a log in in all cases. Looks like it is always hitting default case. Log will confirm the same. Check the wildcard match website1.com. Is it right? string matching is getting failed. For more clarity in the default case log print the path and see if it matches with website1.com re.

     

    Can u paste the same log here.

     

  • uzair's avatar
    uzair
    Icon for Nimbostratus rankNimbostratus

    hey there issue is with the double quotes. “website1.com".

     

  • Good eye Uzair!

     

    The quote difference did the trick, which is odd, because normally the irule checker will fail when quotes are wrong. At any rate lesson learned to always make sure your text editor correctly parses the right text.