Forum Discussion

Rich_79422's avatar
Rich_79422
Icon for Nimbostratus rankNimbostratus
Oct 28, 2010

http request inside https

Good morning,

 

 

I'm new to the Irule creation. I have a specific option I need to accomplish.

 

 

First I have 2 VS, 1 is http and this is just to redirect to the https vs.

 

 

We are terminating the cert on the F5. After the ssl session is established the client will select a link that we are getting an error (No response from the server) for an http request. If the session is established with http all works well.

 

 

Can I create a 1 VS that will redirect to https and have an irule that will allow just that specific url to pass via http?

 

 

Thx

 

-Rich

 

application delivery
dev
devops
iRules

2 Replies

Sort By
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Oct 31, 2010
    Hi Rich,

    You can do the following 

    
      when HTTP_REQUEST {
             if { ![HTTP::host] eq "domain.com" } {
                 HTTP::redirect https://[HTTP::host]/[HTTP::uri]"
                 }

    I hope this helps

    Bhattman

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Nov 01, 2010
    Hi Rich,

    It sounds like the application is referencing itself over HTTP when being SSL proxied by LTM. If you want to avoid the client getting an insecure content warning, you'd want to rewrite the response headers and/or payload from http:// to https://. It would help to determine where the http:// reference is (in response headers and/or content). You can use a browser plugin like HttpFox for Firefox or Fiddler.

    Depending on the application, you might be able to configure it to reference itself using https://. If not, you should be able to use an iRule to rewrite the http:// references to https://.

    Also, if you want to try Bhattman's example, you can wrap the Host check in parentheses:

    when HTTP_REQUEST {
   if { !([HTTP::host] eq "domain.com") } {
      HTTP::redirect "https://[HTTP::host]/[HTTP::uri]"
   }
}

    Aaron