Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

HTTP to HTTPS

Hi,

I was wondering if someone could help me with an irule that will redirect a site http://test.site.com:8050 to https:test.site.com:8050. The problem is it keeps getting stuck in a loop. I need it to know if its http to redirect but if the site comes in https then to not redirect the request again.

Thanks!!!

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Generally with http-to-https redirection you would have two VS's with the same destination IP on different ports (eg. 80 & 443). There is a default iRule which will work for this (_sys_https_redirect). You will not be able to create one VS on 8050 without SSL profiles and another on the same port without SSL profiles to redirect to.

Why does your front end VS need to be listening on 8050 specifically? Could you not just do the generic 80/443 scenario I mentioned and if you backend pool members are listening on 8050 (ssl or otherwise), configure them as such.

1
Comments on this Answer
Comment made 25-Apr-2016 by Joseph.Johnson 154
Hi, Thanks for you answer! The reason is because the business is using multiple oracle apps that are on different ports. For example, http://oracle-test:8050 is one app and http://oracle-test:8090 is another app. I have a VIP configured that is listening on Port 0, and an irule that will check the port coming in appended to the URL and pass it to the associated Pool for that port. Now they want to utilize HTTPS. They can browse to the direct link https://oracle-test:8050 but they want to be able to redirect if a user just types in http://oracle-test:8050 to https://oracle-test:8050. Is there anything in the https header that we can pull out so that for example it an http request comes in redirect to https but if the [HOST]URL is HTTPS then do nothing and just let the traffic pass through? I know this may be convoluted but thanks for you response.
0
Comment made 25-Apr-2016 by shopkeeper56 295
So just to make sure I'm clear... you would like the following flow.... Client to VS is HTTP on the 80xx port. Then SSL on the connection between the Big IP and the Pool member (again on 80xx port)? All you would need to make this work is an Server SSL profile (using a certificate trusted by your Oracle hosts) and apply it to the VS
0
Comment made 25-Apr-2016 by Joseph.Johnson 154
Where would the redirect come into play. Remember, all of this is happening on the same VIP, I don't see how HTTP and HTTPS would use SSL on the same VIP simultaneously.
0
Comment made 26-Apr-2016 by shopkeeper56 295
I dont see why you couldn't make the virtual server with no client SSL profile (aka HTTP between client and Big IP), then use a server SSL profile (SSL between Big IP and Server). This can all be done on the same VIP. This I think does what your describing does it not?
0
Comment made 26-Apr-2016 by Theo 390
Furthermore, I would make the comment to the Oracle developers that they had to change the SSL settings for their port, and it's unrealistic to presume you wouldn't have to as well. The problem lies with order of operations: SSL is negotiated before HTTP comes into play (where you would redirect). I don't know of a way you could, though it may be possible if you could (using an iRule) detect whether SSL is used at an earlier event (like CLIENT_CONNECTED, where you can disable SSL).
0