HTTP -> HTTPS -> HTTP Cookie Persistence

I have a ticket open with F5 technical support, but thought I might post my issue here as well, just to see if anyone might have some insight. I am not sure if this needs to be handled by an iRule specifically, or if basic configuration options can yeild the desired result?

 

 

A user connects to http://www.gosolodev.com:80 and enters login information. The BigIP directs the request to server1 and the user authenticates. At this point, the user is logged in to server1 and the BigIP uses cookie persistence to continue to direct that user to server1. As the user is navigating throughout the application, they click a link that uses SSL so they access https://www.gosolodev.com:443. At this point, the BigIP is not matching the cookie persistence and re-load balances the connection, possible directing the user to server2. Since the user was logged in to server1, server2 requires them to authenticate.

 

 

What we need to happen is as long as the same user with the same session is connecting to the BigIP, they should go to the same server, regardless of whether they are connecting via HTTP or HTTPS. The re-login presentation that happens is really just a by product to the issue. Does anyone know how to do this?

 

 

The following are the relevant entries in bigip.conf

 

 

monitor gosolodev-wl-https {

 

defaults from https

 

interval 10

 

timeout 31

 

send "GET /um/login.jsp"

 

}

 

monitor gosolodev-wl-http {

 

defaults from http

 

reverse

 

interval 10

 

timeout 31

 

recv " Weblogic Bridge Message Failure of server APACHE bridge:

 

No backend server available for connection: timed out after 10 seconds.

 

Build date/time: May 8 2003 15:20:38

 

Change Number: 257949 "

 

send "GET /um/login.jsp"

 

}

 

profile clientssl gosolodev-clientssl {

 

defaults from clientssl

 

key "gosolodevssl.key"

 

cert "gosolodevssl.crt"

 

}

 

profile serverssl gosolodev-serverssl {

 

defaults from serverssl

 

key "gosolowildssl.key"

 

cert "gosolowildssl.crt"

 

ca file "ca-bundle.crt"

 

}

 

profile http gosolodev-http {

 

defaults from http

 

insert xforwarded for enable

 

}

 

profile persist dev-gosolo-cookie {

 

defaults from cookie

 

mode cookie

 

cookie mode insert

 

cookie name GOSOLODEV-COOKIE

 

cookie expiration 0d 02:00:00

 

across services enable

 

across virtuals enable

 

}

 

pool dev-https {

 

monitor all gosolodev-wl-https

 

member 192.168.103.79:https

 

member 192.168.103.126:https

 

}

 

pool dev-http {

 

monitor all gosolodev-wl-http

 

member 192.168.103.79:http

 

member 192.168.103.126:http

 

}

 

rule strip-www-gosolodev {

 

when HTTP_REQUEST {

 

if { [HTTP::host] equals "www.primerica.gosolodev.com" } {

 

HTTP::redirect "http://primerica.gosolodev.com"

 

}

 

virtual dev-http {

 

destination 192.168.103.190:http

 

ip protocol tcp

 

profile gosolodev-http oneconnect tcp

 

persist dev-gosolo-cookie

 

pool dev-http

 

vlans DEV enable

 

}

 

virtual dev-https {

 

destination 192.168.103.190:https

 

ip protocol tcp

 

profile gosolodev-clientssl gosolodev-http gosolodev-serverssl oneconnect tcp

 

persist dev-gosolo-cookie

 

pool dev-https

 

vlans DEV enable

 

}

 

 

 

Thanks.