[IRULE]: http to https redirection on F5 Big-IP LTM

Getting Started

I am doing F5 related tasks from a longtime however never put on my blog, now i have decided to place all my learnings of F5 inside separate category, that is F5.

F5’s BIG-IP product family comprises purpose-built hardware, modularized software, and virtualized solutions that run the F5 TMOS® operating system. Depending on the appliance selected, one or more BIG-IP product modules can be added to a BIG-IP device to deliver multiple networking functions on a single, unified platform.

In short , F5 BIG-IP LTM main task is,  when a server went down or became overloaded, it directs traffic away from that server to other servers that could handle the load plus lots of additional tasks. For those not familiar with a Big-IP load balancer’s administration, most of the configuration is done via a web interface, accessible via the device’s IP address (https://ipaddress).


The Big-IP Administrative interface

The navigation for the site is located in the left-hand column.

As the title says , we are going to perform Http to https redirection .

Description:- Redirects all traffic to same hostname, same URI over https by issuing a redirect with status 301 (Moved Permanently). You can change the status code to a 302 to issue a non-cacheable redirect.

Apply to HTTP virtual server to redirect all traffic to same hostname (stripping port if it exists), same URI over HTTPS. (Do not apply to shared/wildcard virtual server responding to HTTPS traffic, or infinite redirect will occur. Create separate virtual servers on port 80 and port 443, and apply this iRule ONLY to the port 80 HTTP-only virtual server. No iRule is needed on the port 443 HTTPS virtual server.)

Lets start with creating our IRule first, IRule is tcl based language.

Here # means don’t execute the script , so that we can use for  description purpose.


# sharepoint_apps


# Virtual Server: sharepoint_apps_http


# Forces users to use HTTPS instead of HTTP


# Created 20131220 by Afroz



            switch -glob [string tolower [HTTP::host]] {

                        “afrozahmad.com” {

                                    HTTP::respond 301 “Location” “https://afrozahmad.com[HTTP::uri]”

                                    log local0. “***[IP::client_addr]:[TCP::client_port]:[HTTP::host]:[HTTP::uri]***”





The above Irule is simple , it instructs F5 to redirect traffic coming for https://afrozahmad.com  towards https://afrozahmad.com . Also “log local0” section refers to logging the activity based on ip address, tcp port, http host and uri.

Note:- We need to apply IRULE to virtual server in above case it should be applied to “http” virtual server. IRULE will not work unless applied to virtual server.

Leave a Comment

Your email address will not be published. Required fields are marked *

Anti-Spam Quiz:

This site uses Akismet to reduce spam. Learn how your comment data is processed.