app check for ssl when cert is on F5

Question

Apologies if this is not the correct forum for this question...&nbsp;
&nbsp;We have apps (jsp in this case) that are checking for an http vs https connection from the client to the web server.  After moving the ssl cert to the F5 and off the server, that no longer works.  &nbsp;
&nbsp;It loops actually since it checks for http, if it is, redirects to https - since it's always http from the F5 -&gt; server...  &nbsp;
&nbsp;Other than writing an irule for all the pages they want to check and redirect, is there a way around this?  A way they can verify with the F5 or client that a given page is secure?  Someone must have come across this.  &nbsp;
&nbsp;I suppose we could self cert the web server to secure it all the way through, but we want all SSL off the server.&nbsp;
&nbsp;Thanks all!!&nbsp;
&nbsp;-Rich

james_thomson · Answer

most people tell the BIG-IP to insert an HTTP header (i.e.-HTTPS=true) and then the server checks for this header when deciding to redirect or not.  Here's an example for weblogic.  https://tech.f5.com/home/solutions/sol4443.htmlcommandline

rhawkins_76959 · Answer

NICE!  I'll check that out, thanks so much!&nbsp;
&nbsp;-Rich

rh_75081 · Answer

Posted By j.thomson  on  08/24/2007 8:20 AM&nbsp;
&nbsp;most people tell the BIG-IP to insert an HTTP header (i.e.-HTTPS=true) and then the server checks for this header when deciding to redirect or not.  Here's an example for weblogic.  https://tech.f5.com/home/solutions/sol4443.htmlcommandline&nbsp;&nbsp;
&nbsp;I have a similar requirement where the F5 terminates SSL connections and passes thru http requests to an Apache httpd server onto a Weblogic Server.
&nbsp;I do not have access to the particular URL mentioned above - but going by your suggestion would be a bit cumbersome in our application since we have redirects in many different places within our JSP pages.  Was wondering if there was a way to preserve the requestScheme for the requesting HTTPRequest without having to trap the HTTP header? This seems to be preserved when the SSL termination is done within  Apache. The http request that is forwarded by the WebLogic plugin to the WLS server has the right requestScheme(https)&nbsp;
&nbsp;Thanks&nbsp;
&nbsp;Ramdas

deb_allen_18 · Answer

Hi Ramdas --&nbsp;
&nbsp;You can get access to the AskF5 site by registering here: Click here&nbsp;
&nbsp;Do you need to re-write redirects sent thru LTM from http to https?&nbsp;
&nbsp;Or do you need to tranlsate server-referencing links in the payload from http to https?&nbsp;
&nbsp;Or something else?&nbsp;
&nbsp;/deb

rh_75081 · Answer

Deb,&nbsp;
&nbsp;I am not sure which category my problem falls into. Basically what was happening was that https requests were being terminated by the F5. The requesting scheme that was being passed into the WLS appserver was http instead of https and hence the request to the redirected page went over http. I wanted the  incoming scheme to be recognized by WLS as being https.
&nbsp;Was able to achieve this by the following solution.&nbsp;
&nbsp; https://tech.f5.com/home/solutions/sol4443.html
&nbsp; 
&nbsp; Solution ID: SOL4443
&nbsp; Configuring the BIG-IP LTM to add a header so that BEA WebLogic 
&nbsp; nodes will generate redirects and links that specify the HTTPS protocol&nbsp;
&nbsp;Thanks&nbsp;
&nbsp;Ramdas&nbsp;

Forum Discussion

app check for ssl when cert is on F5

Recent Discussions

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

Related Content

Client Cert Request by URI with OCSP Checking

GUI restarts when checking Certs on appliance

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates

Check a Virtual Server's SSL Status

Leaked Credential Check with Advanced WAF

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS