Forum Discussion

dirome's avatar
dirome
Icon for Cirrus rankCirrus
Jul 17, 2013

Redirect frotm port http:test:7778 to https:test:7778

Hi,

 

 

I have two Virtual server,a for the profile http and the other for profile https, when i do test for the redirect since port http://test/7778 to https://test/7778 dont work, because don´t enter to the page, some one have idea do this

 

 

 

application delivery
dev
devops
iRules

4 Replies

Sort By
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 17, 2013
    You cannot have multiple VIPs listening on the same IP and port. Are you saying that "http://test:7778" is an HTTP VIP listening on port 7778, and "https://test:7778" is an HTTPS VIP also listening on port 7778? And "test" is one host name that resolves to one IP address? If so, that won't work. You could, potentially, host both HTTP and HTTPS on one VIP and enable/disable the client SSL profile, but that may not be your intention.
  • Camilo_Mongui_1's avatar
    Camilo_Mongui_1
    Icon for Nimbostratus rankNimbostratus
    Jul 18, 2013
    Hi kevin, I complement the idea the "El_Bendecido".... We need manage certificates on the web portal. We have the portal http://test:123/index.html and need redirect to https://test:123/index.html, but we create the Virtual Server with Port 443 in the F5 to redirect the portal but the URL change to https://test/index.pl, we need that the URL is the same in the redirect to https, is possible this?

     

     

    Thanks

     

     

    Att Camilo
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 19, 2013
    In a word, no.

     

     

    The ":123" in the Host address specifies the port number. In the absence of a port number, HTTP://test/index.html would be the same as HTTP://test:80/index.html, and HTTPS://test/index.html would be the same as HTTPS://test:443/index.html. To that end, you cannot create two virtual servers that listen on the same IP and port, regardless of SSL. If you need this because the back end application needs the port number in the Host address, I might recommend simply changing the Host header on the way in.

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jul 28, 2013
    We have the portal http://test:123/index.html and need redirect to https://test:123/index.htmlhave you tried to enable nonssl? anyway, i think it may not be a good idea.

    e.g. 

    [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:123
   ip protocol 6
   rules myrule
   profiles {
      http {}
      myclientssl {
         clientside
      }
      tcp {}
   }
}
[root@ve10:Active] config  b profile myclientssl list
profile clientssl myclientssl {
   nonssl enable
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
  set is_ssl 0
}
when CLIENTSSL_HANDSHAKE {
  set is_ssl 1
}
when HTTP_REQUEST {
  if { not ($is_ssl) } {
    HTTP::redirect "https://[HTTP::host][HTTP::uri]"
  }
}
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}

 non-ssl

[root@ve10:Active] config  curl -I http://172.28.19.252:123/something
HTTP/1.0 302 Found
Location: https://172.28.19.252:123/something
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

 ssl

[root@ve10:Active] config  curl -Ik https://172.28.19.252:123/something
HTTP/1.1 404 Not Found
Date: Sun, 28 Jul 2013 04:35:09 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1