Forum Discussion

Ryan_Rowe_79249's avatar
Ryan_Rowe_79249
Icon for Nimbostratus rankNimbostratus
Sep 23, 2008

Https -> Http flash not working

I have my BipIP server giving out wildcard cert to all the https traffic comming in then proxies the traffic to the Virtual Server which then points it to the webserver node with http traffic. For some reason everything works but the flash content.

 

 

It works if i go into the web server and if I just proxy the http traffic through the BigIP on http.

 

 

So here is how it goes for a visual:

 

 

https(443) -> virtual Server80) -> Webserver(80)

 

 

Anyone know what setting would have to be checked to allow this traffic to move through?
application delivery
dev
devops
iRules

8 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 24, 2008
    Hi,

     

     

    Is this on 4.x or 9.x? Can you put a rule on an external facing port 80 VIP which redirects all HTTP requests to HTTPS? Else, if it's 9.x, you could potentially use a stream profile and stream iRule to rewrite the http:// references to https://. For details on using a stream filter to rewrite payload data, check the STREAM::expression wiki page (Click here).

     

     

    Aaron
  • Ryan_Rowe_79249's avatar
    Ryan_Rowe_79249
    Icon for Nimbostratus rankNimbostratus
    Sep 24, 2008
    I just realized that I posed this in 9.x this is a v4.x and I need external https to redirect to http and internal http to redirect to https.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 24, 2008
    In 4.x you can't inspect or modify the response content, so you're only option would be to try redirecting the external port 80 requests to HTTPS:

     

     

    https: external VIP (public IP:443) -> loopback VIP (127.x.y.z:80) -> pool (a.b.c.d:80)

     

     

    http: external VIP (public IP:80) -> rule to redirect to https://...

     

     

    Aaron
  • Ryan_Rowe_79249's avatar
    Ryan_Rowe_79249
    Icon for Nimbostratus rankNimbostratus
    Sep 24, 2008
    That is how it is setup. But when flash the external user request flash content through this route something gets lost and it gets confused and doesn't display the right information. Would the bigIP prevent this from happenening or is there a setting in teh loopback VIP to allow this to go through. Because if I set it like this:

     

     

    http: external VIP (Public IP:80) -> Pool (a.b.c.d:80)

     

     

    It works but when I go through a loopback VIP it doesn't.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 26, 2008
    A loopback VIP (127.x.y.z) is only accessible internally on the BIG-IP. By definition, it won't be accessible to the client. If you define a second VIP on the public IP on port 80 pointing to the pool, does it work?

     

     

    Aaron
  • Ryan_Rowe_79249's avatar
    Ryan_Rowe_79249
    Icon for Nimbostratus rankNimbostratus
    Sep 26, 2008
    No I know that I can not get to the loopback. I ment when I setup the BigIP with the loopback it doesn't work.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 27, 2008
    It's been too long since I've looked at a 4.x configuration to give specific pointers for what might not be configured correctly. If you're stuck, you could open a case with F5 Support and ask them to help you troubleshoot the issue.

     

     

    Aaron
  • BuddyIsrael_574's avatar
    BuddyIsrael_574
    Icon for Nimbostratus rankNimbostratus
    Dec 20, 2013

    understand this is an old thread. I am facing the same issue , flash doesnt work when traffic comes in through F5 . SSL is offloaded at F5 end and i also have an irule which converts http to https .

     

    This works smoothly when site is accessed directly from the server.