F5 Big-IP iRule - HTTP Redirect

Question

I have just started to work with F5's Big-IP and I have a question about iRules and HTTP redirects. We are moving to offload our SSL from our web servers and onto the F5, our application as it stands enforces a number of pages on our site to only run in HTTPS. I want to move this from the APP and onto the F5 but I have not been able to figure our how, so as an example I would want anyone trying to login in to be forced to use HTTPS e.g. http://"mysite"/login.aspx = https://"mysite"/login.aspx.

I have done some google searches that have come up with some good info on this but I have yet to find what I am looking for, if anyone has done this and wishes to share this with me that would be great

score 6 · Answer 1 · edited May 31 '12 at 13:54

6

There are multiple ways you can use iRules to perform HTTP redirects.

The DevCentral HTTP to HTTPS Redirect Wiki Page has a list of examples (and if you search the site, you'll find many other examples and discussions on how to do more complex redirects with iRules).

In your example, the iRule would simply be:

1 when HTTP_REQUEST {
2 HTTP::respond 301 Location "https://[getfield [HTTP::host] : 1][HTTP::uri]"
3 }

Apply this to the virtual server (the HTTP VS, not the HTTPS VS or you'll create an infinite redirect loop ;-)) and you should be good to go.

edited May 31 '12 at 13:54

Kyle Brandt

83,619
74
305
448

answered May 31 '12 at 10:40

Lori MacVittie

61
1

Hi Lori, thank you for the answer. We don't allow signatures/taglines (http://serverfault.com/faq#signatures) so I edited that out. Hope you don't take offense are we are happy to have representatives from vendors providing technical answers. – Kyle Brandt May 31 '12 at 13:57
Hi, thanks for this but is not completely what I am after. The example you have given does it for all HTTP traffic but I only what this to happen on some pages and not the entire site. I need to be able to write a rule that will look for /login.aspx and only redirect that page to HTTPS. Thanks for the link to the F5 wiki I am going to have a look though that to see if I can do what I am after. – djo May 31 '12 at 23:45

score 2 · Accepted Answer · edited Jun 01 '12 at 04:46

2

I have figured out how to do what I want

_when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/login.aspx" } {
        HTTP::respond 302 Location "https://[getfield [HTTP::host] : "1"][HTTP::uri]"_
    }
}

Thanks for the help though, it lead me in the right direction.

edited Jun 01 '12 at 04:46

mgorven

30,615
7
79
122

answered Jun 01 '12 at 00:51

djo

397
2
4
12

F5 Big-IP iRule - HTTP Redirect

2 Answers2