Forum Discussion

Peter_Singer_71
Nov 17, 2010

BigIP V4.6 rewrite return for ssl

Hi,

I have 2 x BigIP 5100 running v4.6 that I have PeopleSoft ESS HR web balanced and proxied.

The two nodes are http to the application servers and the proxy has a wildcard certificate.

Login is OK but it reports mixed HTTP and HTTPS, meaning that I think I need to rewrite the return traffic to the BigIPs from HTTP to HTTPS.

In version 9x, that I cannot go to at this time, I think I would use the following iRule to deal with the issue:

when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] }

What rule do I create in version 4.6x to do this, as this rule is not accepted by this version of the F5 code?

Thanks

Peter

3 Replies

  • Hi Peter,

    You should be able to redirect all HTTP requests to HTTPS. But that won't stop the browser from generating the insecure content warning. That warning occurs when the browser parses http:// references in the response to an HTTPS request. So you'd need to rewrite the response content. That cannot be done in 4.x. It can in 9 or 10.x using a stream profile and STREAM::expression based iRule.

    If you're stuck on 4.x, I'd focus on configuring the PeopleSoft app on how to either use relative references to itself so the browser makes the request via the same protocol or to use https:// in absolute references to itself. I think you might be able to use a custom HTTP profile with header to insert set to:

    Wl-Proxy-SSL: true

    Aaron
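
The warning described in the reply above can be checked offline against a saved response body. This is an added example, not part of the thread and not F5 or PeopleSoft code: it lists subresource references that resolve to http:// on an HTTPS page, including the case where a `<base href>` defeats relative references. The host names and the sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch a subresource.
# Plain <a href> links are navigation and do not trigger the warning.
FETCHING = {("script", "src"), ("img", "src"), ("iframe", "src"),
            ("frame", "src"), ("embed", "src"), ("object", "data"),
            ("input", "src"), ("link", "href")}

class MixedContentAudit(HTMLParser):
    """Collect subresource URLs that resolve to http:// on an HTTPS page."""
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # changes if the page carries <base href>
        self.host = urlsplit(page_url).hostname
        self.findings = []        # (tag, resolved URL, points at own host?)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # An http:// base turns every relative reference into mixed content.
            self.base = urljoin(self.base, attrs["href"])
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return                # e.g. rel=canonical is never fetched
        for name, value in attrs.items():
            if (tag, name) in FETCHING and value:
                url = urlsplit(urljoin(self.base, value.strip()))
                if url.scheme == "http":
                    self.findings.append((tag, url.geturl(), url.hostname == self.host))

def audit(page_url, html):
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample response body; hr.example.com is a placeholder host.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/cs/style.css">
<script src="http://hr.example.com/cs/ps.js"></script>
</head><body>
<img src="//hr.example.com/logo.gif">
<img src="http://cdn.example.net/banner.gif">
<a href="http://hr.example.com/help">Help</a>
</body></html>"""
if __name__ == "__main__":
    for tag, url, own in audit("https://hr.example.com/psp/ess/", SAMPLE):
        print(f"<{tag}> {url} ({'own host: fix in the app' if own else 'third party'})")
```

Findings flagged as pointing at the page's own host are the ones the application-side change (relative or https:// self-references) would remove.
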
  • Ron_Carovano_75
    Historic F5 Account
    Hi Peter,

    I manage F5's global alliance with Oracle and I would be more than happy to facilitate local support on this topic. Feel free to drop me an e-mail at r.carovano@f5.com

    Ron Carovano
  • Hi,

    Thank you, I thought that would be the case. I will put a certificate on the other side and see if that resolves the issue.

    Peter