F5 - iRule: Selective redirect

 

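This iRule redirects all HTTP (80/tcp) traffic to secure HTTPS (443/tcp), except for hostnames that exist in a datagroup. Those hosts remain on plain HTTP and are forwarded to an existing pool.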

 


# ------------------------------------------------------------------------------
# Name:		selective_redirect_rule
# Author:	Eelke Smit <mail (AT) opensecure (DOT) nl>
# ------------------------------------------------------------------------------ 
# Revision history:		
# 	01 Jan 2021	v1.0	creation
# ------------------------------------------------------------------------------
# Description:
# 	This iRule redirects all http (80/tcp) traffic to the secure https (443/tcp)
#   except for hostnames that exist in the datagroup. These hosts will remain
#	plain http (80/tcp) and are forwarded to an existing pool.
# ------------------------------------------------------------------------------
# Requirements:
# 1. BIG-IP 11.4.1 or later is REQUIRED
# 2. This iRule expects a string datagroup named "host_pool_dg" to be defined with the following format:
#
#	ltm data-group internal host_pool_dg {
#	    records {
#	        www.example1.nl {
#	            data example1_pool
#	        }
#	        test1.example2.nl {
#	            data test1_pool
#	        }
#	        test2.example2.nl {
#	            data test2_pool
#	        }
#	    }
#	    type string
#	}
# 3. The pool names referenced in the datagroup MUST already exist.
# ------------------------------------------------------------------------------
# Useful Information/References:
#   https://devcentral.f5.com/wiki/iRules.http_request_send.ashx
#	https://devcentral.f5.com/wiki/iRules.rewrite_host_header_to_server_name.ashx
# ------------------------------------------------------------------------------
when RULE_INIT {
    # Debug switch read by the HTTP_REQUEST handler of this rule.
    #   1 = write debug lines to /var/log/ltm
    #   0 = no debug logging
    # While this is 1, every request handled by the rule produces at least one
    # log line containing the client address, the method and the client-supplied
    # Host header and URI. Set it to 0 once the rule has been verified, both to
    # limit log volume and to keep request data out of the system log.
    set static::selective_redirect_debug 1
}
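when HTTP_REQUEST {
	# Purpose: keep hosts listed in the string datagroup host_pool_dg on plain
	# HTTP and send them to the pool named in the datagroup record; redirect
	# every other request to HTTPS on the same host name and URI.

	# Optional debug line. Host and URI are taken from the request as sent by
	# the client, so treat these log entries as untrusted data.
	if { $static::selective_redirect_debug } {
		log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri]"
	}

	# Strip an optional ":port" suffix before the lookup. The datagroup keys are
	# bare host names, so a request carrying "Host: www.example1.nl:80" would
	# otherwise miss its record and be redirected to HTTPS instead of staying on
	# its HTTP pool. The redirect below already removed the port in the same way.
	# NOTE(review): getfield splits on the first ":", so a bracketed IPv6 literal
	# in the Host header is cut short here - confirm no such hosts are expected.
	set host_no_port [getfield [HTTP::host] ":" 1]
	set host_header [string tolower $host_no_port]

	# Look up the requested hostname in the datagroup to get the appropriate pool
	if { [class match $host_header equals host_pool_dg] } {
		set host_header_value [class match -value $host_header equals host_pool_dg]
		if { $static::selective_redirect_debug } {
			log local0. "[IP::client_addr]:[TCP::client_port]: Looked up $host_header, found: $host_header_value."
		}

		# A record without a pool name leaves the pool selection untouched; the
		# request still stays on HTTP because of the return below.
		# NOTE(review): the pool name comes straight from the datagroup and must
		# exist (see requirement 3 in the header); presumably a record naming a
		# missing pool fails at runtime - verify on the target BIG-IP version.
		if { $host_header_value ne "" } {
			pool $host_header_value
			if { $static::selective_redirect_debug } {
				log local0. "[IP::client_addr]:[TCP::client_port]: Forward to pool $host_header_value."
			}
		}
		return
	}

	# Disabled alternative kept from the original rule: the same lookup keyed on
	# IP::server_addr instead of the Host header.
#	set host_ip [IP::server_addr]
#   if { [class match $host_ip equals host_pool_dg] } {
	# Look up the selected server IP in the datagroup to get the host header value
#		set host_header_value [class match -value $host_ip equals host_pool_dg]
#		if {$static::selective_redirect_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Looked up $host_ip, found: $host_header_value."}
#
		# Check if the host header value (poolname) is not empty
#		if {$host_header_value ne ""}{
#			pool $host_header_value
#			if {$static::selective_redirect_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Forward to pool $host_header_value."}
#		}
#		return
#	}

	# Redirect all other traffic from HTTP (80/tcp) to HTTPS (443/tcp).
	# The Location header is built from the client-supplied Host header, so any
	# host name that reaches this virtual server is echoed back in the redirect,
	# and a request without a Host header yields a Location with no host name.
	# NOTE(review): if this virtual server only serves a known set of names,
	# consider checking the host against that set before redirecting.
	HTTP::redirect https://$host_no_port[HTTP::uri]
}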