F5 Technology Blog: March 2010

1) To redirect http requests to https
-------------------------------------------------------------------------

when HTTP_REQUEST {

HTTP::redirect https://[HTTP::host][HTTP::uri]

}

-------------------------------------------------------------------------

Please check Redirect Rewrite to Matching in HTTP Profile used

Associate the iRule with Virtual Server Profile

2) To modify cookie domain for JSESSIONID.

-------------------------------------------------------------------------

when HTTP_RESPONSE {

   if {[HTTP::cookie count] > 0 } {
   foreach aCookie [HTTP::cookie names] {
   log local0. "Cookie name: $aCookie"
   if { $aCookie == "JSESSIONID" } {
   HTTP::cookie domain $aCookie yourwiderdomain.com
   }
   }
   }
}
-------------------------------------------------------------------------

This iRule will help to issue the same JSESSIONID when switching between different subdomains.

In JBOSS by default, you will get two different JSession IDs when you make requests to www.domain.com and secure.domain.com. If you examine the JSESSIONID cookie, you will see the domain name is set to complete www.domain.com and secure.domain.com respectively.

To avoid this issue and get a single JSESSIONID , create an iRule as above and set the cookie domain at wider level, ex: domain.com. Associate the iRule to virtual server in the resources section. Hit the URLs again, the domain name in JSESSIONID will be set to domain.com.

3) Issue 301 redirect and resolve to desired URI
-------------------------------------------------------------------------
when HTTP_REQUEST {
if { not ([HTTP::host] starts_with "www") }
{
   HTTP::respond 301 Location "http://www.[HTTP::host]/urigoeshere"
}
elseif { [HTTP::uri] equals "/" }{
   HTTP::respond 301 Location "http://[HTTP::host]/urigoeshere"
}
}

Another flavor with or condition

when HTTP_REQUEST {
   if { not ([HTTP::host] starts_with "www"
   or [HTTP::host] starts_with "somename"
   )
   }{
   HTTP::respond 301 Location "http://www.[HTTP::host]/web/cs?a=5"
   }
   elseif { [HTTP::uri] equals "/" }{
   HTTP::respond 301 Location "http://[HTTP::host]/web/cs?a=5"
   }
}

-------------------------------------------------------------------------
This iRule will avoid multiple redirects.

4) Insert X-Forwarded-Proto

-------------------------------------------------------------------------

iRule for port 80

when HTTP_REQUEST {

HTTP::header remove X-Forwarded-Proto

HTTP::header insert X-Forwarded-Proto http

}

iRule for port 443

when HTTP_REQUEST {

HTTP::header remove X-Forwarded-Proto

HTTP::header insert X-Forwarded-Proto https

}

-------------------------------------------------------------------------

This iRule is useful to identify the client protocol is either http or https. This iRule helps the when the SSL gets decrypted in load balancer or web server and backed requests are sent to application server as http. If the application uses http servlet isSecure method, setting the iRule on port 443 will return isSecure as true. Please note the XForwardProto filter will also have to be applied on application server to get the correct value for isSecure or getScheme.

4) Logging

-------------------------------------------------------------------------

log local0. "value1= $somevariable and value2= $somevariableothervariable "

log local0. " IP: [IP::client_addr] "

log local0. " uri= [HTTP::uri] path= [HTTP::path] query= [HTTP::query]

-------------------------------------------------------------------------

The log command can be inserted to iRule to provide useful debug information.