-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Let’s see if that works fine

I just had to deploy a LTM virtual server that should have the only purpose to redirect from http to https keeping whatever hostname has been given.

So, this is what F5 says is good for rewriting from http to https:

when HTTP_REQUEST {
	HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}

Let’s see how good that works

Using a FQDN
telnet 192.168.10.10 80
	Trying 192.168.10.10...
	Escape character is '^]'.
	GET / HTTP/1.0
	Host: domain.tld

	HTTP/1.0 302 Found
	Location: https://domain.tld/
	Server: BigIP
	Connection: close
	Content-Length: 0

	Connection closed by foreign host.
Using a FQDN and port
telnet 192.168.10.10 80
	Trying 192.168.10.10...
	Escape character is '^]'.
	GET / HTTP/1.0
	Host: domain.tld:80

	HTTP/1.0 302 Found
	Location: https://domain.tld/
	Server: BigIP
	Connection: close
	Content-Length: 0

	Connection closed by foreign host.
Using IPv4
telnet 192.168.10.10 80
	Trying 192.168.10.10...
	Escape character is '^]'.
	GET / HTTP/1.0
	Host: 192.168.10.10

	HTTP/1.0 302 Found
	Location: https://192.168.10.10/
	Server: BigIP
	Connection: close
	Content-Length: 0

	Connection closed by foreign host.
Using IPv4 and port
telnet 192.168.10.10 80
	Trying 192.168.10.10...
	Escape character is '^]'.
	GET / HTTP/1.0
	Host: 192.168.10.10:80

	HTTP/1.0 302 Found
	Location: https://192.168.10.10/
	Server: BigIP
	Connection: close
	Content-Length: 0

	Connection closed by foreign host.
Using IPv6
telnet 192.168.10.10 80
	Trying 192.168.10.10...
	Escape character is '^]'.
	GET / HTTP/1.0
	Host: [2001:dead::beef]

	HTTP/1.0 302 Found
	Location: https://[2001/
	Server: BigIP
	Connection: close
	Content-Length: 0

	Connection closed by foreign host.
Using IPv6 and port
telnet 192.168.10.10 80
	Trying 192.168.10.10...
	Escape character is '^]'.
	GET / HTTP/1.0
	Host: [2001:dead::beef]:80

	HTTP/1.0 302 Found
	Location: https://[2001/
	Server: BigIP
	Connection: close
	Content-Length: 0

	Connection closed by foreign host.

So, it seems that the provided solution is not really really working with IPv6 addresses because what the redirection is cutting [HTTP::host] using the “:” separator and keep the first element. This is where it fails miserably.

Hopefully, it is possible to use regex within iRules and this is what I used (I know there’s several ways of writing them):

when HTTP_REQUEST {
	regsub -all {:\d*$} [HTTP::host] "" host
	HTTP::redirect https://$host[HTTP::uri]
}

Let’s see now the behaviour:

Using IPv6
telnet 192.168.10.10 80
	Trying 192.168.10.10...
	Escape character is '^]'.
	GET / HTTP/1.0
	Host: [2001:dead::beef]

	HTTP/1.0 302 Found
	Location: https://[2001:dead::beef]/
	Server: BigIP
	Connection: close
	Content-Length: 0

	Connection closed by foreign host.
Using IPv6 and port
telnet 192.168.10.10 80
	Trying 192.168.10.10...
	Escape character is '^]'.
	GETHTTP/1.0
	Host: [2001:dead::beef]:80

	HTTP/1.0 302 Found
	Location: https://[2001:dead::beef]/
	Server: BigIP
	Connection: close
	Content-Length: 0

	Connection closed by foreign host.

Nailed it !

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJW5eRMAAoJEBeKS2x6xuR77+YQAK/O9pnBOr/e1mWhCGV7/19q
5MdNp2MjT3T6uq51c5XdoGfRmUHS1E0JDMtXkYGxfh/tKxBRUfbfg2dO7DQu6vgR
kYw97YDTL83MDQ9ts6Kb/yqAwja+zAgAh0ekA6pwVLmvslhHq7Dl3y7F1KpbqX3y
3fxjEOFzDRTgC8guMdC1v+nx32IVda36YdPBrMOHzMpwieukerJQVrmWvfA3+ZHb
YoeYt7sSfp5qSX77t2DsLS60ruibnhvY/Wb4GOaRoMNXj4ghgj5joSkKJaHWiEdN
H1tTitR4+iNRQyCw8QSpzPSc1ZoqakH7/Y0XC8QFzadivch0bJ+B4unG//SuhlwI
pya3Ezfb07pot80JA8axw919a0cFfWG6NFeIQ7WBEvz7YT1bVS/ABJENetuuQb+g
NJ1k/TcbyBB9eFvhJzbE5v3GgAUqe5+Vb6sMwDxSRXS6ffukX3mrKVXwjNW6ZzV4
hoIwpV6uB4VkiGAG9YC29jcPAWyc/QlCKuVREgxDi5I+ibFMRmDS3iSm3MfmHPfg
OGESFrklue2dU1fuZCtfDAOebrVIjz/+d8C9d56FVfe+dOVa7vJLc/ofUz1CdyBx
n7Jl7U3uHjiXqqnIgwlXJnMI3jpqifYj+wHWw9l8mFPjBFESslZyH0cOp/qacEk8
NTo5jtaixq5yv/rHzn5F
=VX0D
-----END PGP SIGNATURE-----

Hint: To validate signature, please view page source and copy html code between BEGIN PGP Signed message and END PGP Signature anchors.

Created the 2013-09-10

Share this


Resources

10 last articles

blog comments powered by Disqus