Forum Discussion
bala_7975
Nimbostratus
NimbostratusBigIP not passing the 302-redirect through
Hello
I am new to this forum! Please can someone help to resolve my problem?
We have an issue where the BigIP is not passing the https 302-redirect through. We have a Web Application Firewall that sit between the BigIP and Web server farm. The SSL traffic is terminated at BigIP. So any traffic between BigIP and web servers are http.
Whenever a request is being blocked by the WAF, it point to this 302-error page - https://wwwWebServer.Error_302.htm but page is not being pass through the BigIP. The TCPdump shows the page leaves the WAF.
I do really appreciate your help.
Thank you
Bala
hoolioCirrostratus
Hi Bala,
If you use a browser plugin like HttpFox for Firefox or Fiddler for IE, does the client receive the 302 redirect but not receive a response on the subsequent request? I can't really see LTM blocking a specific response like that. You might also try adding an iRule which logs the request and response headers on LTM to help debug this further:
http://devcentral.f5.com/Wiki/default.aspx/iRules/LogHttpHeaders.html (Click here)
Aaron- hoolioI'd guess the app is sending a redirect to http://... not https://. You'd see this in the Location header of the 30x redirect. If that's the case, you can rewrite the redirect to https:// using a custom HTTP profile with rewrite redirects enabled. Check the online help in the GUI for the HTTP profile for details.
Aaron 
bala_7975When the request is blocked by the web application firewall, the WAF sends a redirect to this HTTPS and not HTTP. This page resides on one of the web servers.
Thanks
Bala- hoolioI think it would be helpful to use a browser plugin and an iRule which logs the request and response headers to see exactly what's happening.
Aaron - bala_7975I haven’t still unable to resolve this issue!
The Web Application Firewall (WAF) blocks the malicious http request and it replies on the same TCP stream with a 302 redirection response to a https://Error_404.htm error page on one of the web servers. This response is not arriving properly to the client because; it’s being blocked by the intermediate Big-IP.
Client -> Big-IP -> WAF -> Web Servers
Please can someone help me to resolve this issue?
Thank you
Bala - hoolioDo you see the response being sent to the BIG-IP? What happens at the TCP and HTTP levels on the BIG-IP's server and client sides? It may help to open a case with F5 Support so they can help you capture and/or review tcpdumps of the failure.
Aaron