The F5 BIG-IP LTM is a very neat piece of kit (or virtual kit if you have the VE). iRules are a powerful feature that can be used to control and manipulate traffic.

 

Here I am creating an iRule to inspect HTTP traffic to see if it's a specific website domain, then rewrite that URL to be HTTPS.

 

e.g. http://secure.vmadmin.co.uk will get re-written to https://secure.vmadmin.co.uk

As would any URL after the domain eg.  http://secure.vmadmin.co.uk/Path/url.html to https://secure.vmadmin.co.uk/Path/url.html

 

 

A) The quick and dirty way: 

This way we are creating an iRule with the host (aka domain) hard coded into the iRule. This is easy to implement but does not scale well for multiple domains.

 

1. Create an iRule called "RedirectToHTTPS"

 

when HTTP_REQUEST {

 if { [HTTP::host] equals "secure.vmadmin.co.uk"} {

  HTTP::redirect "https://[HTTP::host][HTTP::uri]"

  }

 }

 

2. Add the iRule to your HTTP virtual server in the "Resouces" tab/section.

Note: Make sure your HTTP virtual server has a http profile assigned.

 

 

 

B) The better way:

By doing it this way we can use whats called an "iRule Data Group List" to contain all the domains we want to redirect. Each time we want to add a domain we don't need to touch the iRule itself, only add the domain to the data group list.

 

1. Create an iRule called "RedirectToHTTPS"

 

when HTTP_REQUEST {

 if { ([class match [string tolower [HTTP::host]] equals $::RedirectToHTTPS] ) } {

  HTTP::redirect "https://[HTTP::host][HTTP::uri]"

  }

 }

 

2. Create an iRule Data Group List called "RedirectToHTTPS" of type string.

 

3. Add your domains to the "RedirectToHTTPS" iRule Data Group List (e.g. as below)

secure.vmadmin.co.uk

banking.vmadmin.co.uk

admin.vmadmin.co.uk

 

4. Add the iRule to your virtual server in the "Resouces" tab/section.

Note: Make sure your HTTP virtual server has a http profile assigned.

 

 

 

Another Tip:

You can also change the operators from "equals" to "starts_with", "contains", and "ends_with".

So if I wanted to do all sub domains of vmadmin.co.uk I could put "vmadmin.co.uk" in the iRule Data Group List and in the iRule itself have the following logic:

 

when HTTP_REQUEST {

 if { ([class match [string tolower [HTTP::host]] ends_with $::RedirectToHTTPS] ) } {

  HTTP::redirect "https://[HTTP::host][HTTP::uri]"

  }

 }

 

 

 

Share this blog post on social media:

Latest Blog Posts

Popular

Social Links

Disclaimer

All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2008-2021 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes

We use cookies

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.

Ok Decline