For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Lewis_Long_1076's avatar
Lewis_Long_1076
Icon for Nimbostratus rankNimbostratus
Aug 20, 2008

Change from HTTP to HTTPS on same incoming Destination Port

Looking for some guideance here, I wish to look at a client coming in say on port 2100 using a browser and url like http://abc.xyz.com:2100 and instead redirect them to come back on https://abc.xyz.com:2100 is there a easy way in irules to do this. I would like to not allow the http connect and make them come back via a redirect to https.
application delivery
dev
devops
iRules

3 Replies

  • Patrick_Chang_7's avatar
    Patrick_Chang_7
    Historic F5 Account
    Aug 21, 2008
    I don't think it can be done. Here is the order of how things are done

     

    1) TCP Handshake

     

    2) SSL Handshake

     

    3) Send HTTP request

     

     

    One can't know to switch back and forth between HTTP and HTTPS on demand because it would require knowing whether the client was coming in SSL or not ahead of time.
  • perfmon_109693's avatar
    perfmon_109693
    Icon for Nimbostratus rankNimbostratus
    Aug 21, 2008
    Two protocols over one port....hmmm....not sure about what the iRule logic would be. talking over a designated port typically means the higher protocol layers are pre-arranged, or a pre-arranged 'generic' protocol will do some specific protocol negotiation.
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Aug 21, 2008
    That option (Non-ssl connections) is in the clientssl profile. Enabling this feature allows you to do ssl and non-ssl on same port-specific vip. You could also do an iRule. Reference this thread:

     

     

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=12581259

     

    Click here