Forum Discussion

aweise_7447
Jan 27, 2011

HTTPS redirect based on URI

Greetings,

We have a VIP that sends traffic to an SSL VPN appliance. The VIP is running on 443 and has a simple pool applied to it. However, we'd like to be able to redirect users to a specific URL if they type in an incorrect URL.

For example, the correct URL is https://www.company.com/vpn. Users are simply forgetting to type in the URI portion so that it ends up being "https://www.company.com/". This causes problems and the users are not able to authenticate to the VPN appliance.

Can we have an iRule that does something like this:

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::uri]] {
            "/" {
                HTTP::redirect "https://www.company.com/vpn"
            }
        }
    }

But instead does this for HTTPS? The SSL is not terminated on the BigIP - it's done on the VPN appliance.

Thanks!

14 Replies

  • Regarding doing a proper HTTP redirect it'll depend on your setup and requirements. What's the reason for doing this in the first place?
  • Dear Steve,

    I am getting the error below while creating the iRule:

    01070151:3: Rule [/Common/redirection] error:
    line 5: [undefined procedure: elseif] [elseif { [HTTP::uri] starts_with "/pqr" } {
    virtual D
    } else {
    Virtual A
    }]
  • e.g.

    [root@ve10:Active] config  b virtual A list
    virtual A {
       snat automap
       pool foo
       destination 172.28.19.252:80
       ip protocol 6
       rules myrule
       profiles {
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config  b virtual B list
    virtual B {
       snat automap
       pool foo
       destination 2.2.2.2:80
    }
    [root@ve10:Active] config  b virtual D list
    virtual D {
       snat automap
       pool foo
       destination 4.4.4.4:80
    }
    [root@ve10:Active] config  b pool foo list
    pool foo {
       members 200.200.200.101:80 {}
    }
    [root@ve10:Active] config  b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
      set host [HTTP::host]
      set uri [HTTP::uri]
      if { [HTTP::uri] starts_with "/xyz" } {
        virtual B
      } elseif { [HTTP::uri] starts_with "/pqr" } {
        virtual D
      }
    }
    when HTTP_RESPONSE {
      log local0. "client [IP::client_addr]:[TCP::client_port] server [IP::remote_addr]:[TCP::remote_port] host $host uri $uri"
    }
    }
    
     test
    
    [root@ve10:Active] config  tail -f /var/log/ltm
    May  2 21:11:16 local/tmm info tmm[4950]: Rule myrule : client 172.28.20.17:60325 server 200.200.200.101:80 host mbanking.abc.com uri /something
    May  2 21:11:24 local/tmm info tmm[4950]: Rule myrule : client 172.28.20.17:60326 server 2.2.2.2:80 host mbanking.abc.com uri /xyz/something
    May  2 21:11:32 local/tmm info tmm[4950]: Rule myrule : client 172.28.20.17:60327 server 4.4.4.4:80 host mbanking.abc.com uri /pqr/something
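
The `undefined procedure: elseif` error quoted in the thread is what Tcl produces when `elseif` starts a new line, because the newline after the closing brace ends the `if` command. The following is an added example, not code from any poster: it runs in plain `tclsh`, substitutes `string match` for the iRule-only `starts_with` operator, and uses constructed sample URIs.

```tcl
# Plain-Tcl stand-in for the iRule branch logic (runs in tclsh, no BIG-IP needed).
# Assumption: `string match "/xyz*"` replaces the iRule-only `starts_with` operator,
# and `set target ...` replaces the iRule `virtual` command.

# Broken layout: the newline after the first closing brace ends the `if`
# command, so `elseif` is then parsed as the name of a separate command.
set broken {
    if { [string match "/xyz*" $uri] } {
        set target B
    }
    elseif { [string match "/pqr*" $uri] } {
        set target D
    }
}

# Working layout, as in myrule: `} elseif {` stays on one line, so the
# whole chain is a single `if` command.
set working {
    if { [string match "/xyz*" $uri] } {
        set target B
    } elseif { [string match "/pqr*" $uri] } {
        set target D
    }
}

# Constructed sample URIs using the prefixes from the thread.
foreach uri {/xyz/something /pqr/something /something} {
    foreach layout {broken working} {
        # No branch taken means the request stays on the virtual's own pool.
        set target "default pool"
        if { [catch { eval [set $layout] } err] } {
            puts "$layout $uri -> error: $err"
        } else {
            puts "$layout $uri -> $target"
        }
    }
}
```

In `tclsh` the broken layout fails with an invalid-command error naming `elseif` for every URI, which is the same parse problem the BIG-IP validator reports at load time.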