Forum Discussion

Robert_McAndrew's avatar
Robert_McAndrew
Icon for Nimbostratus rankNimbostratus
Jun 19, 2006

https switching to http

We've got a relatively simple configuration of one virtual server with a pool of 4 physical servers running BEA Web Logic. When the connection is made to the URL it is via https. When navigating through the application, occasionally it times out and we've noticed the URL has changed from HTTPS to HTTP. I've check the web pages to look for any hard coding, that may be causing this, but there is none and the conversion is inconsistent, meaning it happens on random pages.

 

 

We put in a trouble ticket with F5 and they sent us an IRULE that looks for the conversion and transfers the page back to https. The problem with this is, every time it does the conversion, the user is prompted by IE that they are leaving a secure site and asked if they want to proceed. This won't work for our production environment. Any assistance would be appreciated.

 

 

Thanks

4 Replies

  • Hello,

    I assume the iRule support provided was to redirect incoming HTTP requests to HTTPS. You could add a log statement in the iRule that's redirecting from HTTP to HTTPS to see where the problem is occurring.

    
       log local0.info "Client [IP::remote_addr] -> [HTTP::method] -> [HTTP::host][HTTP::uri]"

    Or you could use tcpdump or a client side tool like like LiveHTTPheaders or HTTPwatch to check the server's response.

    It's also possible that there is a persistence issue where the client is getting bounced to a new server and then getting HTTP content.

    To resolve this, you'll need to find exactly where/why the insecure content is coming in.

    Aaron
  • I had similar issues and was able to solve it using streams. Searches the IP stream and replaces text.

     

     

    goto profiles - other - streams.

     

     

    Create a custom stream for the target: "@http://ocs1.co.escambia.fl.us@https://ocs1.co.escambia.fl.us@@http://ocs1.co.escambia.fl.us:80@https://ocs1.co.escambia.fl.us@"

     

     

    This one works to search and change two different http redirects.

     

     

    Add the streanm to te virtual server. If it sounds like this will work and you need more detail, just let me know.

     

     

     

  • Deb_Allen_18's avatar
    Deb_Allen_18
    Historic F5 Account
    Just be sure (since the replacement will change the content length) to enable rechunking in the corresponding http profile to force update of the Content-Length value. (The stream profile is known not to update Content-Length with the new length.)

     

     

  • It might be good to actually verify what's causing the insecure content error.

     

     

    Or... if it is just a redirect in the web application to HTTP, you could use the built in functionality for rewriting redirects.

     

     

    For more info on rewriting redirects, see the Configuration Guide's 'Rewriting an HTTP redirection' section:

     

     

    Click here

     

     

    Aaron