Forum Discussion

VB_95896's avatar
VB_95896
Icon for Nimbostratus rankNimbostratus
Jun 22, 2010

Server Redirect through HTTPS VIP...

I have got an HTTP host "myhost.group.com" which can be accessed through an HTTP virtual server but not through an HTTPS virtual server...It looks like a "redirection over SSL" problem (the server sends a redirect but the client fails to change the URL because of some SSL properties).

 

 

Could you tell me how to handle (server-triggered) redirections in the case of the HTTPS virtual server ?

 

 

 

For information, here are the steps following a 1st request to "URL1" (when using the HTTP virtual server) :

 

 

1/ the HTTP host redirects the client to "URL2" (see below).

 

2/ After an authentication, the HTTP host redirects the HTTP client to "URL1" (see below).

 

 

With :

 

 

URL1 = http://myhost.group.com/html/index.php

 

URL2 = http://myhost.group.com/html/protected/login.php?&accessdenied=%2Fhtml%2Findex.php

 

 

 

Regards,

 

 

VB
config
design

3 Replies

Sort By
  • L4L7_53191's avatar
    L4L7_53191
    Icon for Nimbostratus rankNimbostratus
    Jun 23, 2010
    VB: I'm not totally clear on what your issue is. Is the HTTPS virtual redirecting back to HTTP because you're terminating SSL on the BigIP and passing back to the servers in the clear? If so, this is a common issue that may be really easy to fix. A good place to start is to create a custom HTTP profile, then enable "Redirect Rewrite" - set it to 'matching' for starters. Bind that HTTP profile to your HTTPS virtual server.

     

     

    For more info you can have a look at this article: https://support.f5.com/kb/en-us/solutions/public/6000/900/sol6912.html

     

     

    HTH,

     

    -Matt
  • VB_95896's avatar
    VB_95896
    Icon for Nimbostratus rankNimbostratus
    Jun 24, 2010
    Thanks for your support. My situation is indeed the following :

     

     

    "The HTTPS virtual is redirecting back to HTTP because I am terminating SSL on the BigIP and passing back to the servers in the clear"

     

     

    I created the custom HTTP profile with "Redirect Rewrite" set to 'matching' and it is bound to my HTTPS virtual server.

     

     

    It works to a point... As expected the url in my browser is always starting with "https://" (and hyperlinks get translated)...Here is the scenario :

     

     

    (1) After authentication on the BigIP I get redirected on the server's login page. This page seems perfectly unaltered and the uri matches with the original one.

     

    (2) After logging in on the server's login page, I am redirected to the homepage of the website. This homepage is missing some elements (colors, pictures, formatting....) and the uri does not match. It should be :

     

     

    http://myhost.group.com/html/index.php?page=..%2Fcommon%2Frecord_edit.php%3Frkey%3DUSERID%26USERID%3D953%26rid%3D953%26btoken%3Da67ec199b2dc44f2d31b0005f12482c5953%26MM_edit%3D1%26PswWarn%3D3

     

     

    And it is instead :

     

     

    http://myhost.group.com/html/index.php

     

     

     

    Do you know the reasons that could explain such a behavior ?

     

     

     

    NB : Perhaps the need for transcription to "https://" is not limited to redirects... I imagin (java) scripts may contain instructions to access "http://" ressources...

     

     

     

    Regards,

     

     

    VB

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 24, 2010
    Hi VB,

     

     

    If you want to rewrite http:// to https:// in response content (like Javascript), you could use a blank stream profile and a STREAM::expression based iRule. You can check the wiki page for examples:

     

     

    http://devcentral.f5.com/Wiki/default.aspx/iRules/STREAM__expression.html

     

     

    If query strings are being truncated, then I'd suggest opening a case with F5 Support to see where this is happening.

     

     

    Aaron