Forum Discussion

adrian_3092's avatar
adrian_3092
Icon for Nimbostratus rankNimbostratus
Oct 09, 2019

F5 BIG IP - Help with Redirect from Port to URL

Hello. I've configured SSL Offloading on my F5. I have my VS set to use 443, while my Pool is set for 80. I have set a client SSL certificate. Within IIS, my site is bound to port 80. I've tried a bunch of different iRules but am at a roadblock. When I try to connect via my client, I'm getting an error stating the connection has been actively refused on X.X.X.X:80. I had a similar configuration with Citrix ADC and had to create a policy to redirect from port 80 to https://server.domain.com. Is this possible with F5? Any help is greatly appreciated. Thanks!

 

To add some extra context, this application can be accessed via browser and also thick client. Without any iRules, when I access https://server.domain.com via browser, everything works fine. But when I try to connect through the thick client, the application is doing something on the back-end in trying to connect through 80 and I'm seeing "No connection could not be made because the target machine actively refused it 10.10.17.150:80"

 

 

application delivery
BIG-IP
iRules

1 Reply

Sort By
  • Jeff_Malin's avatar
    Jeff_Malin
    Icon for Nimbostratus rankNimbostratus
    Oct 09, 2019

    Hi Adrian, I had a similar issue this morning! my issue was that I didn't have an iRule to notify the backend servers that the traffic was SSL offloaded by the F5.

     

    I was reading this article about setting up ssl offloading;

     

    https://www.lullabot.com/articles/setting-up-ssl-offloading-termination-on-an-f5-bigip-load-balancer

     

    And in that article it included instructions on setting up an irule with the following code:

     

    ##

    # Notify the backend servers that this traffic was SSL offloaded by the F5.

    ##

    when HTTP_REQUEST {

    HTTP::header insert "X-Forwarded-Proto" "https";

    }

     

    Once I did that, my SSL Offloaded VS started to work. I'm still having issues with some redirects, but at least I can get to the correct destination now.

     

    Hope this helped.