KJ_50941
Mar 06, 2013Nimbostratus
443 VIP redirect
for https redirect on 443 VIP from / to login.aspx do I need 80 VIP? if I stand up port 80 VIP it works , but that is extra step.
please advise.
for https redirect on 443 VIP from / to login.aspx do I need 80 VIP? if I stand up port 80 VIP it works , but that is extra step.
please advise.
You shouldn't. You should be able to use the first example below and maintain your protocol, but if it is not working properly you still have options with the second example
when HTTP_REQUEST {
if { [HTTP::path] equals "/" } {
HTTP::redirect "/login.aspx"
}
}
when HTTP_REQUEST {
if { not ([HTTP::uri] equals "/") } {
HTTP::redirect "https://[getfield [HTTP::host] ":" 1]/login.aspx"
}
}
Dont' forget that "/default.aspx" is probably a valid equivalent to "/". Also, if you don't set up a VIP for port 80 the visitors will be forced to include the protocol (https://). If they simply enter the domain name their request will fail.
my http:
when HTTP_REQUEST {
if { [HTTP::uri] eq "/" } {
HTTP::redirect http://[HTTP::host]/login.aspx
}
}
https is:
when HTTP_REQUEST {
if { [HTTP::uri] eq "/" } {
HTTP::redirect https://[HTTP::host]/login.aspx
}
}
In your rule for http:
HTTP::redirect http://[HTTP::host]/login.aspx
You're using "http" instead of "https".
Question: why use two iRules? You can use the same rule for the VIPSs on port 80 and 443.
when HTTP_REQUEST {
if { [HTTP::uri] eq "/" } {
HTTP::redirect https://[HTTP::host]/login.aspx
}
}
can you tell me what exactly I need to use.
thx
what can I do to make both 80 and 443 works?
If by this statement, "my http work but https get rediect to http on brower", you're suggesting that the 443 VIP works, but the app still sends users redirects with HTTP://, then you have a different problem. In this case, if it's just redirects, turn on Redirect Rewrite Matching in the HTTP profile. If the HTTP:// references are for embedded objects (images, CSS, JS, etc.), then you're best bet is a stream profile and simple stream iRule. Better first to determine what the references are though.
I'm not sure I fully understand the requirements for your setup yet, but I'd recommend separate VIPs for 80 and 443. Also, if you will want to avoid mixing secure and non-secure content when users are accessing the page over SSL - otherwise the browsers will warn the users of potential security problems on the page.