I have one application published over port 5100 (and cannot be changed) and whenever i configured a VS wihtout client ssl profile the whole application works. Although when i associate a proper client SSL profile without server SSL (the application is plain http) it works almost everything except authentication. I've discovered that whenever i send my credentials these are sent over POST that is pointing to the appropriate ip and port but on https. Since the F5 is expecting https it will automatically discard the POTS.
Is there any way to either modify the POST that the user will sent to https or create any allowance on the VS for an specific POST on plain HTTP?. The port remains the same, so i cannot redirect the packet to any non HTTPS VS on different port.
I don't think the change you need to do is in the F5 itself.
Probably the application has an absolute URL and should have a relative URL.
Have a look in this post:
First of all many thanks for the response (incredibly quick) and effort.
Second i though that the POST itself is been understood by the F5 since I am running a parallel virtual server with different IP but same port and configuration as production and the POST is pointing to the IP address of my "Pararell" VS (I am not using FQDN but IP for testing. I can clearly see that the post is pointing always to the new ip address of the F5. As per my understanding after i read the first entry in the article of relative vs absolute, a relative one does not specify the protocol used neither the FQDN, only the path, so the browser will use the ip address of my VS.
Would it be possible to have a relative URL at domain but Absolute at protocol level at the same time?
Besides this i would like to check if anybody else has any issue publishing http apps over SLL VS and the POST does not work.
I do know that APM portal access is more than capable to understand this, but i am working with LTM...so i do not know if there is any solution to accept the POST in plain http on a SSL VS.
If you have a relative URL, it will use whatever protocol and port you are currently using for the page you loaded.
You could only change that with absolute URLs, but browsers normally complain about mixing SSL and non-SSL content.
If the virtual server is using SSL, so it has a clientssl profile, it will not accept plain HTTP traffic.
So, you will not be able to do HTTP and HTTPS on the same virtual server.
If the application is important enough that you need to use SSL, why do the most sensitive part of the application (authentication) in plain text?
The fact you use post does not guarantee any confidentiality.