Rewriting HTTP redirection with HTTPS->HTTPS (SSL-to-Server feature) does not func.

Dear Developers and Dear Community,

 

 

I've read many topics in the forum concerning the "rewrite HTTP redirection" feature - always reflecting the "HTTP redirect to HTTPS" case.

 

 

None is saying anything about the "HTTPS redirect to HTTPS" case.

 

 

I have redirection problems within our websphere application servers, 'cause they are always using the appserver port and never the origin Big-IP SSL proxy port, when sending out redirects.

 

 

I know that in other environments/setups, e.g. if using IBM HTTP Server with WebSphere plugin in front ionstead of F5 to achieve lookalike functionallity as Big-IP load-balancing, session stickiness, etc., they have some variables that can influence the appservers behavior:

 

 

E.g. WebSphere plugin ->

 

AppServerPortPreference

 

 

Specifies which port number the Application Server should

 

use to build URIs for a sendRedirect.

 

This field also specifies where to retrieve the value for

 

HttpServletRequest.getServerPort().

 

 

The following values can be specified:

 

 

"hostHeader" if the port number from the host header of the

 

HTTP request coming in is to be used.

 

"webserverPort" if the port number on which the Web server

 

received the request is to be used.

 

 

So, my question is, how can I do this with Big-IP?

 

 

In my setup the following, which is a webapp request for form-based authentication (j_security_check is doing a sendRedirect() call), has to be solved:

 

 

Request/Response Flow:

 

 

1.) Client requests https://a.b.c/login.html -> Big-IP SSL Proxy -> webapp_https Pool (SSL-to-Server feature) -> sends to https://a.b.c:9443/login.html

 

 

2.) Appserver receives the request + does a "sendredirect()" which leads to a "302" with HTTP LOCATION Header https://a.b.c:9443 wich is unfort. send out to the client.

 

 

Any ideas or thoughts are very welcome.

 

 

Thanks.

 

Jan