1

We are trying to do a redirect from / to /access/signin however with the following application rule we see too many redirects (looping) for HTTPS, HTTP is working fine.

acl TEST-RDR hdr_dom(Host) -i www.test.com
acl TEST-RDR path_beg /access/signin
http-request redirect location https://www.test.com code 301 if TEST-RDR

Any advice or pointers would be really helpful, I am new to Application rules and trying to convert an F5 iRule (below)

when HTTP_REQUEST { 
  set host_info [string tolower [HTTP::host]] 
  set uri_info [string tolower [HTTP::uri]] 
    switch -glob $host_info { 
     "www.test.com" {
       switch -glob $uri_info { 
         "/access/signin*" {
          HTTP::respond 301 Location "https://www.test.com"
         }
         "/*" {
          HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
         }
       }
     }
     "*.test.com" { 
      switch -glob $uri_info { 
        "/access/signin*" {
          HTTP::redirect "https://[HTTP::host][HTTP::uri]"
        }
      }
     }
    }
}
Lorem ipsum
  • 852
  • 3
  • 13
Cousty
  • 11
  • 1

1 Answers1

1

In haproxy declaring acl twice actually means OR of those conditions, so this:

acl TEST-RDR hdr_dom(Host) -i www.test.com
acl TEST-RDR path_beg /access/signin

means Host = www.test.com OR path_beg /access/signin which keeps evaluating to true, because you redirect to the same domain, so https://www.test.com/ redirects to https://www.test.com/ and you get redirection loop.

Instead try it this way:

acl host_www.test.com hdr_dom(host) -i www.test.com
acl url_access_signin path_beg /access/signin

http-request redirect location https://www.test.com/ code 301 if host_www.test.com url_access_signin

Haproxy has implicit AND when building conditions like in http-request above. I don't know F5, so i can't say if that is exact translation.

tbielaszewski
  • 411
  • 2
  • 5