Applies To:

Show Versions Show Versions

sol6911: Using iRules to rewrite HTTP redirects to match the port used by the virtual server (9.x - 10.x)
How-ToHow-To

Original Publication Date: 10/07/2008
Updated Date: 03/07/2014

This article applies to BIG-IP 9.x - 10.x. For information about other versions, refer to the following article:

If an HTTP client requests a directory without appending a trailing slash to the requested path, most webservers will respond with a self-referencing HTTP redirect including the originally requested URL with the trailing slash appended.

If the webserver listens on a port other than 80, the web server will include the TCP port on which it is listening in the Location header when it sends the HTTP redirect response. If the virtual server is listening on a different port, the resulting redirect location is invalid.

For instance, if the webserver is listening on port 8000, redirects that appear similar to the following example are sent by the webserver:

Location: http://www.f5.com:8000/directory1/

When the client receives the port 8000 redirect response, the client will issue a new HTTP request to the BIG-IP LTM destined for a port which does not match the virtual server.

To solve this issue, you can either create an iRule that appends a trailing slash to requests that do not contain a file extension on your website, or create an iRule that sends a redirect to the appropriate port when a request is received on the wrong port following such a redirect.

Trailing slash iRule

The recommended solution is to configure the BIG-IP LTM to append a trailing slash to the request rather than depending on the web server to issue a redirect. To do so, perform the following procedures:

Creating a Data Group that contains a list of possible file extensions on your website

  1. Log in to the Configuration utility.
  2. Click Local Traffic.
  3. Click iRules.
  4. Click the Data Group List.
  5. Click the Create button.
  6. Type in the name of the Data Group.
  7. From the Type drop-down menu, select String.

For example, if your website contains file extensions html, css, doc, pdf, aspx, jsp, jpg, gif, jpeg, and bmp, your data group will appear as follows:

class extensions { ".html" ".css" ".doc" ".pdf" ".aspx" ".jsp" ".jpg" ".gif" ".jpeg" ".bmp" }

Creating the iRule

You can create an iRule that looks at the incoming URI and appends a trailing slash to requests that do not contain a file extension in the data group, and do not contain a trailing slash. To do so, perform the following procedure:

  1. Log in to the Configuration utility.
  2. Click Local Traffic.
  3. Click iRules.
  4. Click the Create button.
  5. Type the name of the iRule and add the iRule text, below, to the Definition box.

For example, the following iRule will append a trailing slash to requests that do not contain a file extension in the data group, and do not contain a trailing slash:

when HTTP_REQUEST {

set req [string tolower [HTTP::path]]
if { !([matchclass $req ends_with $::extensions])
and !($req ends_with "/") }
{ append req "/" HTTP::path $req }

}

 

Port redirect iRule

You can create a new virtual server on the BIG-IP system that listens on the same port as the web servers, and associate an iRule with that virtual server that redirects requests back to the port 80 virtual server.

Creating the redirect iRule

  1. Log in to the Configuration utility.
  2. Click Local Traffic.
  3. Click iRules.
  4. Click the Create button.
  5. Type the name of the iRule and add the iRule text, below, to the Definition box. Change the Host portion of the URL to match the DNS name of your site.

For example, the following iRule will redirect requests received on an alternate port to port 80:

when HTTP_REQUEST {

    HTTP::redirect http://[getfield [HTTP::host] ":" 1][HTTP::uri]

}

Creating the virtual server

  1. Log in to the BIG-IP LTM Configuration utility.
  2. Click Local Traffic.
  3. Click Virtual Servers.
  4. Click the Create button.
  5. Type the Name, Destination address, and Service Port number on which the web server listens.

For example, the following virtual server listens on port 8000, the same port on which the web server listens:

virtual port_8000 {

destination 192.168.1.1:8000
ip protocol tcp
profile http tcp
rule redirect_to_80

}

 

With this virtual server and iRule in place, clients that are redirected from the web server to port 8000 will reconnect to the BIG-IP virtual server on port 8000, then the BIG-IP system will redirect them to the correct port (port 80).

The following iRule syntax variations can be used to issue a redirect to a default HTTP/HTTPS port or to an alternate HTTP/HTTPS port:

when HTTP_REQUEST {

HTTP::redirect http<s>://[getfield [HTTP::host] ":" 1]<:port>[HTTP::uri] }

For example, redirecting to a standard HTTP or HTTPS port:

  • HTTP:

    when HTTP_REQUEST {

    HTTP::redirect http://[getfield [HTTP::host] ":" 1][HTTP::uri] }

  • HTTPS:

    when HTTP_REQUEST {

    HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] }

Alternatively, redirecting to an alternate HTTP or HTTPS port:

  • HTTP:

    when HTTP_REQUEST {

    HTTP::redirect http://[getfield [HTTP::host] ":" 1]:8080[HTTP::uri] }

  • HTTPS:

    when HTTP_REQUEST {

    HTTP::redirect https://[getfield [HTTP::host] ":" 1]:8554[HTTP::uri] }

Note: POST transactions may fail if a redirect response is received due to browser security restrictions (the redirect will not be followed). An alternative approach would be to configure the BIG-IP system to host the website on both port 80 and port 8000, pointing to the same pool of servers, and eliminating the need for the redirect rule.

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)