Home / server / Questions / 1034480
In Process
Cousty
Asked: 2020-09-19 13:59:56 +0800 CST

Too many redirects NSX Load Balancer (HA Proxy) Application rule

  • 772

We are trying to do a redirect from / to /access/signin however with the following application rule we see too many redirects (looping) for HTTPS, HTTP is working fine.

acl TEST-RDR hdr_dom(Host) -i www.test.com
acl TEST-RDR path_beg /access/signin
http-request redirect location https://www.test.com code 301 if TEST-RDR

Any advice or pointers would be really helpful, I am new to Application rules and trying to convert an F5 iRule (below)

when HTTP_REQUEST { 
  set host_info [string tolower [HTTP::host]] 
  set uri_info [string tolower [HTTP::uri]] 
    switch -glob $host_info { 
     "www.test.com" {
       switch -glob $uri_info { 
         "/access/signin*" {
          HTTP::respond 301 Location "https://www.test.com"
         }
         "/*" {
          HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
         }
       }
     }
     "*.test.com" { 
      switch -glob $uri_info { 
        "/access/signin*" {
          HTTP::redirect "https://[HTTP::host][HTTP::uri]"
        }
      }
     }
    }
}
f5-big-ip haproxy nsx

1 Answers

  1. In haproxy declaring acl twice actually means OR of those conditions, so this:

    acl TEST-RDR hdr_dom(Host) -i www.test.com
acl TEST-RDR path_beg /access/signin

    means Host = www.test.com OR path_beg /access/signin which keeps evaluating to true, because you redirect to the same domain, so https://www.test.com/ redirects to https://www.test.com/ and you get redirection loop.

    Instead try it this way:

    acl host_www.test.com hdr_dom(host) -i www.test.com
acl url_access_signin path_beg /access/signin

http-request redirect location https://www.test.com/ code 301 if host_www.test.com url_access_signin

    Haproxy has implicit AND when building conditions like in http-request above. I don't know F5, so i can't say if that is exact translation.

    • 1