HTTP after redirect, should be HTTPS

Question

Hello all, here an irule newbee.
The problem:
Incoming is a HTTPS-request. I have a certificate installed, and so transfer HTTP to the server(s) behind the LB. They ask again other servers to do some processing. As long as THOSE servers do a HTTP-response, everything is fine and the customer doing HTTPS keeps seeing HTTPS on his screen. But when those server reply via a REDIRECT, the customer looses the HTTPS and sees plain HTTP on his screen. The connection isn't safe anymore. 
The question:
How can I avoid/repair this?
TIA!&nbsp;

kevin_stewart · Answer

If it's as simple as http:// URLs bleeding through to the client from HTTP redirects, you can do something like this:
when HTTP_REQUEST {
    if { [HTTP::header exists Location] } {
        HTTP::header replace Location [string map -nocase {"http://" "https://"} [HTTP::header Location]]
    }
}

That will replace any http:// in a redirect with https://.

huub_dewachter1 · Answer

Yes, perhaps that could work!
But I'd like to check the response-header to see what I have to change to what.
Local 0. doesn't seem to work in a HTTP_REPONSE ...
Any ideas?
TIA,&nbsp;
Huub. &nbsp;

nitass · Answer

Local 0. doesn't seem to work in a HTTP_REPONSE.&nbsp;

what is not working?&nbsp;

nitass · Answer

this is mine.
 config

root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
    when HTTP_RESPONSE {
        log local0. "before $$HTTP::header Location$$=[HTTP::header Location]"
  if { [HTTP::header exists Location] } {
    HTTP::header replace Location [string map -nocase {"http://" "https://"} [HTTP::header Location]]
  }
  log local0. "after $$HTTP::header Location$$=[HTTP::header Location]"
}
}

/var/log/ltm

[root@ve11a:Active:In Sync] config  tail -f /var/log/ltm
Feb  6 05:39:51 ve11a info tmm[13662]: Rule /Common/myrule : before [HTTP::header Location]=http://www.domain.com/somethingelse
Feb  6 05:39:51 ve11a info tmm[13662]: Rule /Common/myrule : after [HTTP::header Location]=https://www.domain.com/somethingelse

huub_dewachter1 · Answer

I get strange results. This is my (test) iRule:&nbsp;
when HTTP_REQUEST {
  if { [string tolower [ HTTP::host ] ] equals "inkoopveerle.neck.nl" } {
     pool pl-dmz-cl20inkp
     }
     elseif { [string tolower [ HTTP::host ] ] equals "proef.neck.nl"} {
       log local0. "before1 [HTTP::header Location]=[HTTP::header Location]"
       if { [HTTP::header exists Location] } {
          HTTP::header replace Location [string map -nocase {"http://" "https://"} [HTTP::header Location] ]
          log local0. "after2 [HTTP::header Location]=[HTTP::header Location]"
          }
     pool pl-dmz-cl20inkp-proef
     }
     else { HTTP::respond 200 content {No such Application}
  }&nbsp;
}
when HTTP_RESPONSE {
  log local0. "before3 [HTTP::header Location]=[HTTP::header Location]"
  if { [HTTP::header exists Location] } {
        HTTP::header replace Location [string map -nocase {"http://" "https://"} [HTTP::header Location] ]
        log local0. "after4 [HTTP::header Location]=[HTTP::header Location]"
     }
}&nbsp;
And this is the logging:
Rule–ir-dmz-cl20inkp_80  :  before1  [HTTP:header Location]=
Rule–ir-dmz-cl20inkp_80  :  before3  [HTTP:header Location]=&nbsp;
So: no info ... :-(&nbsp;

Forum Discussion

HTTP after redirect, should be HTTPS

9 Replies

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

Anchor Link Redirect

url redirect

iRule redirection

Rewriting Redirects

Need to redirect complete URL into redirected uri