Forum Discussion

m1tchm8_56526
Jan 26, 2018

How do I maintain the SSL connection between client and the F5 after login to a web page

I have a BIGIP LTM version 13 which I am using for SSL offload to a web server behind the F5. The SSL offload initially works by maintaining the SSL connection (HTTPS) between the client and F5 and HTTP from the F5 to the web server.

 

The web site has a login page and after logon the page is sent back to the client as HTTP but I want the client to maintain an SSL connection after logon.

 

I used the iRule below to notify the web server that this traffic was SSL previously offloaded by the F5 but this has not worked.

 

Basically I need the client and F5 to maintain the SSL connection after logon to the web server. Any help would be appreciated.

 

iRule below:

 

when HTTP_REQUEST { HTTP::header insert "X-Forwarded-Proto" "https"; }

 

7 Replies

  • When you say "...after logon the page is sent back to the client as HTTP..." does the web server send the user a redirect to an HTTP page?

     

  • If your web application is forcing a redirect to a hardcoded HTTP page you need to use an iRule to intercept and overwrite the "Location" header in HTTP_RESPONSE for that particular URL.

     

  • Making the assumption that this is an HTTP redirect from http to https, the following iRule will check the HTTP Location header and, if it starts with http://, does a string map to replace it with https:// and replaces the Location header with it.

    when HTTP_RESPONSE {
        if {[string tolower [HTTP::header Location]] starts_with "http://" } {
            # Generate a new Location destination replacing "http://" with "https://" and replace HTTP Header in response
            HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header "Location"]]
        }
    }
    
    

    You might want to add in a check for the hostname as well if the server sends valid redirects to http, e.g. the following iRule only updates redirects for the domain:

    when HTTP_RESPONSE {
        if {[string tolower [HTTP::header "Location"]] starts_with "http://www.abc.com" } {
            # Generate a new Location destination replacing "http://" with "https://" and replace HTTP Header in response
            HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header "Location"]]
        }
    }
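
A stricter variant of the Location rewrite in the reply above, added here as an example and not code posted in the thread: it acts only on redirect responses, swaps only the leading scheme (`string map` replaces every "http://" in the header, including one inside a query string, and misses an upper-case "HTTP://"), and compares the whole hostname with the host the client requested, where a prefix test would also accept a longer name that merely begins with it. The variable names `req_host`, `loc_host` and `rest` are chosen for this example.

```tcl
when HTTP_REQUEST {
    # Save the requested host (lower-cased, any port stripped) for use
    # when the matching response arrives on this connection.
    set req_host [string tolower [getfield [HTTP::host] ":" 1]]
}

when HTTP_RESPONSE {
    # Only redirect responses that actually carry a Location header.
    if { [HTTP::is_redirect] && [HTTP::header exists "Location"] } {
        set loc [HTTP::header value "Location"]

        # Split an absolute http:// URL into host and remainder.
        #  - scheme is matched case-insensitively
        #  - an explicit :80 is dropped, since it would be wrong under https
        #  - any other explicit port does not match and is left untouched
        if { [regexp -nocase {^http://([^/:?#]+)(?::80)?([/?#].*)?$} $loc -> loc_host rest] } {

            # Rewrite only redirects that point back at the site the client
            # asked for; redirects to other hosts pass through unchanged.
            if { [string tolower $loc_host] equals $req_host } {
                HTTP::header replace "Location" "https://$loc_host$rest"
            }
        }
    }
}
```

With this rule, `http://www.abc.com/home?next=http://www.abc.com/x` becomes `https://www.abc.com/home?next=http://www.abc.com/x` when the request was for `www.abc.com`, while a redirect to `http://www.abc.com.example.net/` is left as the server sent it.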
    
  • Hi,

     

    I think the web server is sending traffic back to the F5 as HTTP but I expected the F5 to maintain the SSL connection back to the client? Well this is what I would like to happen.

     

  • This has to be due to a redirect or link on the web page as the HTTP connection is established from the client side.

     

    If you do not need to connect to the server at all using HTTP then assign the default HTTP to HTTPS redirect iRule (_sys_https_redirect) on the HTTP Virtual Server, this will redirect all HTTP requests to the HTTPS Virtual Server.

     

    You can also track the connection using Google Chrome and the Inspect feature, right click on the page select Inspect from the menu. In the Developer Tools window select Network and tick Preserve log option and start.

     

    Go to login page and login to track the journey, expect you to see the change from HTTPS to HTTP as a Redirect (status code 301 or 302) or as a simple new connection from a link, maybe the POST of the login form.

     

  • Ensure you have two virtual servers set up on the LTM. The first listening on your preferred https and the second on http. You then need to attach the pre-packaged F5 iRule for http-to-https redirect "_sys_https_redirect" to the virtual server listening on http. This has always worked and redirects to the virtual server listening on https.