NimbostratusHi have some problem: have HTTP and HTTPS VIPs (the same IP). So basically http working fine.
Problem with HTTPS. when i am accessing site https://www.site.com i access it as https (as expect) but when i pressing anything in it and going deeper, site becoming http. Maybe have idea what the problem can be?
By the way i am using the same pool for both VIPs. SSL terminated to LTM and LTM-serves going http on 80.
thanks
NimbostratusMy guess is that the application generates links according to the protocol that the application was called on. So since the traffic between the BIG-IP and the server is http, the links become http instead of https. Either that or there are actually hard coded links in the application to http.
There are a few ways to deal with that - we could do a redirect of all http to https, but that will cause a lot of going back and forth between http and https by the client and isn't a very pretty solution. A far more powerful solution is to use the BIG-IP to in essence do a search and replace of http://www.site.com to https://site.com in the responses from the server. For instance by way of the stream profile,
AltostratusAs Henrik said, you could use a stream profile to replace http with https. See below
@http://www.site.com/@https://www.site.com/@@Hope this helps!
CumulonimbusWhat profile is configured for http and https virtual servers
Nimbostratushttps VIP: + stream iRule
Protocol Profile (Client)TCP
Protocol Profile (Server) tcp
HTTP Profilehttp
FTP Profilenone
RTSP Profilenone
SOCKS Profilenone
Stream Profilestream (source and target empty)
XML Profilenone
http VIP:
Protocol Profile (Client)TCP
Protocol Profile (Server) tcp
HTTP Profilehttp
FTP Profilenone
RTSP Profilenone
SOCKS Profilenone
Stream Profilesome_profile:target: @@
XML Profilenone
CumulonimbusAny iRules are assigned to VIP's?
Nimbostratuswhen HTTP_REQUEST { tell server not to compress response HTTP::header remove Accept-Encoding
disable STREAM for request flow
STREAM::disable
} when HTTP_RESPONSE {
catch and replace redirect headers
if { [HTTP::header exists Location] } {
HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]]
}
only look at text data
if { [HTTP::header Content-Type] contains "text" } {
create a STREAM expression to replace any http:// with https://
STREAM::expression {@http://@https://@}
enable STREAM
STREAM::enable
}
also exists 301 redirect iRule
when HTTP_REQUEST { if { [HTTP::uri] contains "*****" } { HTTP::respond 301 Location "https://w" } }
and maintenance page iRule.
By the way there are 2 web sites on the same server behind this VIP. And looks like one site performs well.
AltostratusWhat profile is configured for http and https virtual servers
Nimbostratushttps VIP: + stream iRule
Protocol Profile (Client)TCP
Protocol Profile (Server) tcp
HTTP Profilehttp
FTP Profilenone
RTSP Profilenone
SOCKS Profilenone
Stream Profilestream (source and target empty)
XML Profilenone
http VIP:
Protocol Profile (Client)TCP
Protocol Profile (Server) tcp
HTTP Profilehttp
FTP Profilenone
RTSP Profilenone
SOCKS Profilenone
Stream Profilesome_profile:target: @@
XML Profilenone
AltostratusAny iRules are assigned to VIP's?
Nimbostratuswhen HTTP_REQUEST { tell server not to compress response HTTP::header remove Accept-Encoding
disable STREAM for request flow
STREAM::disable
} when HTTP_RESPONSE {
catch and replace redirect headers
if { [HTTP::header exists Location] } {
HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]]
}
only look at text data
if { [HTTP::header Content-Type] contains "text" } {
create a STREAM expression to replace any http:// with https://
STREAM::expression {@http://@https://@}
enable STREAM
STREAM::enable
}
also exists 301 redirect iRule
when HTTP_REQUEST { if { [HTTP::uri] contains "*****" } { HTTP::respond 301 Location "https://w" } }
and maintenance page iRule.
By the way there are 2 web sites on the same server behind this VIP. And looks like one site performs well.
Nimbostratushttp has "Default Persistence Profilemultiple" actually not sure what that mean. Also has redirect rule and some iRule not sure what that means
when HTTP_REQUEST { if {[HTTP::cookie "__utma"] ne ""} { Replace the last Set-Cookie header value with the same value and ; HttpOnly appended
HTTP::header replace Set-Cookie "[HTTP::header Set-Cookie]; HttpOnly" } }
when HTTP_RESPONSE { if {[HTTP::cookie "cookie_name"] ne ""} { Replace the last Set-Cookie header value with the same value and ; HttpOnly appended
HTTP::header replace Set-Cookie "[HTTP::header Set-Cookie]; HttpOnly" }
}
just got info from web server guys that performance issue should be because of pictures that sends out not compressed now, because of load balancer miss configuration.
they are saying i need bypass images, have any ideas what can be done toward that ?
thanks for help
AltostratusI feel you need to open a ticket with F5 vendor for your requirement. It seems to be little weird one.
Nimbostratusfor me looks like simple task now :) I believe when iRule "HTTP::header remove Accept-Encoding" disable encoding and need enable back. Can i be right?
Nimbostratusby the way just started reading/looking, but maybe someone can advice how to do that?
NimbostratusNow in this discussion big mess. But i moving forward basicaly now need solve one more problem. After applying stream iRule that replace http to https in https web page svg format images not loading. So waiting for advice.
Thanks