Change from HTTP to HTTPS on same incoming Destination Port

Question

Looking for some guideance here, I wish to look at a client coming in say on port 2100 using a browser and url like http://abc.xyz.com:2100 and instead redirect them to come back on https://abc.xyz.com:2100 is there a easy way in irules to do this. I would like to not allow the http connect and make them come back via a redirect to https.

patrick_chang_7 · Answer

I don't think it can be done.  Here is the order of how things are done 
&nbsp; 1)  TCP Handshake 
&nbsp; 2)  SSL Handshake 
&nbsp; 3)  Send HTTP request 
&nbsp;  
&nbsp; One can't know to switch back and forth between HTTP and HTTPS on demand because it would require knowing whether the client was coming in SSL or not ahead of time.

perfmon_109693 · Answer

Two protocols over one port....hmmm....not sure about what the iRule logic would be.  talking over a designated port typically means the higher protocol layers are pre-arranged, or a pre-arranged 'generic' protocol will do some specific protocol negotiation.

jrahm · Answer

That option (Non-ssl connections) is in the clientssl profile.  Enabling this feature allows you to do ssl and non-ssl on same port-specific vip.  You could also do an iRule.  Reference this thread: 
&nbsp;  
&nbsp; http://devcentral.f5.com/Default.aspx?tabid=53&amp;forumid=5&amp;tpage=1&amp;view=topic&amp;postid=12581259 
&nbsp; Click here

Forum Discussion

Change from HTTP to HTTPS on same incoming Destination Port

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

How can I redirect an HTTP request to a Proxy and change the Destination?

Different policies same destination and pool

Change admin account

Block destination IP by source IP

Change cookie domain in HTTP::respond