WebDAV and SSL Problem

Question

I am implementing a document management system (OpenText) with SSL offload on the LTM.  I have an iRule that sends a redirect to https for any http traffic.  The redirect works fine until WebDAV starts being used.  In captures, I see the browser sending, for example,
&nbsp;http://www.xxx.com/contentserverdav/License.pptx with HEAD /contentserverdav/License.pptx HTTP/1.1
.  The LTM sends a redirect with Location:https://www.xxx.com/contentserverdav/License.pptx
.  But the browser ignores the redirect.  Any information you could provide on whether this is normal, or ways to make SSL work with WebDAV would be greatly appreciated.&nbsp;

hooleylist · Answer

Hi, 
&nbsp;  
&nbsp; I'm not familiar with the OpenText app, but here are a few possible solutions in order of efficiency for LTM: 
&nbsp;  
&nbsp; Set a native OpenText configuration option which tells the web app that it should refer to itself using https:// instead of http:// references.  This is something you could check OpenText documentation for.  I assume most web apps support SSL proxying by now. 
&nbsp;  
&nbsp; Configure LTM to insert an HTTP header which LTM inserts which tells the web app that it should refer to itself using https:// instead of http:// references. 
&nbsp;  
&nbsp; Use an iRule and stream profile to rewrite the response headers and content from http:// to https:// so that the client will make requests to https:// only. 
&nbsp;  
&nbsp; Aaron

pwoll_74049 · Answer

Thanks to your help, I was able to resolve this.  I used the third approach above to use an iRule to rewrite the responses as follows: 
&nbsp;  
&nbsp; when HTTP_RESPONSE { 
&nbsp;   
&nbsp;    Check if response type is text 
&nbsp;   if {[HTTP::header value Content-Type] contains "text"}{ 
&nbsp;     
&nbsp;    Replace http:// with https:// 
&nbsp;     STREAM::expression {@http://mydomain.com@https://mydomain.com@} 
&nbsp;    Enable the stream filter for this response only 
&nbsp;     STREAM::enable 
&nbsp;   } 
&nbsp;    
&nbsp;      Check if server response is a redirect  
&nbsp;   if { [HTTP::header is_redirect]} {  
&nbsp;         Log original and updated values  
&nbsp;        log local0. "Original Location header value: [HTTP::header value Location],\  
&nbsp;                 updated: [string map -nocase "http:// https://" [HTTP::header value Location]]"  
&nbsp;    
&nbsp;         Do the update, replacing http:// with https://  
&nbsp;        HTTP::header replace Location [string map -nocase "http:// https://" [HTTP::header value Location]]  
&nbsp;   } 
&nbsp; } 
&nbsp;  
&nbsp; At first I thought that the second portion of this code to rewrite the Location entries was unnecessary.  However, I learned that the stream profile does not affect the Location information, thus the addition.  Elsewhere, I only had to enable the stream profile on the Virtual Server.

Forum Discussion

WebDAV and SSL Problem

2 Replies

Recent Discussions

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

[ASM] - what is "Browser Challange file" ?

LDAPS and renegotiation

Related Content

IIS 6.0 WebDAV Buffer Overflow

Source_Addr Persistence Problems

Problem about Export imformation to Excel

C3D first request problem

Troubleshooting TLS Problems With ssldump