Forum Discussion

Peter_Singer_71's avatar
Icon for Nimbostratus rankNimbostratus
Nov 17, 2010

BigIP V4.6 rewrite return for ssl




I have 2 x BigIP 5100 running v4.6 that I have peoplesoft ESS HR web balanced and proxied.



The two nodes are http to the application servers and the proxy has a wildcard certificate.



Login is is ok but it reports mixed HTTP and HTTPS meaning that I think I need to rewrite the return traffic to the BigIPs from http to HTTPS.



In version 9x that I cannot go to at this time, I think I would use the following irule to deal with the issue;



when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] }



What rule do I create in version 4.6x to do this as this rule is not accepted by this version of the F5 code?






3 Replies

  • Hi Peter,



    You should be able to redirect all HTTP requests to HTTPS. But that won't stop the browser from generating the insecure content warning. That warning occurs when the browser parses http:// references in the response to an HTTPS request. So you'd need to rewrite the response content. That cannot be done in 4.x. It can in 9 or 10.x using a stream profile and STREAM::expression based iRule.



    If you're stuck on 4.x, I'd focus on configuring the Peoplesoft app on how to either use relative references to itself so the browser makes the request via the same protocol or to use https:// in absolute references to itself. I think you might be able to use a custom HTTP profile with header to insert set to:



    Wl-Proxy-SSL: true



  • Ron_Carovano_75's avatar
    Historic F5 Account
    Hi Peter,



    I manage F5's global alliance with Oracle and I would be more than happy to facilitate local support on this topic. Feel free to drop me an e-mail at



    Ron Carovano
  • Hi,



    Thank you, I thought that would be the case, I will put a certificate on the other side and see if that resolves the issue.