Navin_130677
Jul 15, 2015

Help with F5 config with VS on Port 443 and Pool member on Port 8080

Hi

 

I have set up a Virtual Server on Port 443 with a client-side SSL certificate and set up a Pool with a server on Port 8080. When users connect to the URL https://server.xyx.com, after the initial login an error is reported as "webpage not available", and when the user refreshes the URL again, adding https to it, the content is loaded successfully.

 

What could be the reason the redirection is failing from https to Port 8080?

 

Thanks, Navin

 

8 Replies

  • It sounds like the server is sending back HTTP:// URLs (vs. The best way to verify that is with a Fiddler capture. You should be able to see all of the HTTP requests and responses in Fiddler, and I'm guessing the server will be sending back a redirect or resource URL that is pointing back to an HTTP:// resource.

     

  • If the virtual server has an HTTP profile assigned you could enable the "Redirect rewrite" option. This will cause LTM to rewrite server http redirects to https before passing them to the client.

     

    As mentioned previously an iRule could also be used. See:

     

    SOL14775

     

  • Redirect Rewrite will rewrite outgoing 30x redirects that contain an http:// Location header.

     

    A stream profile works on payload data, so if there are document objects (images, scripts, etc.) that the client needs to fetch, and those URLs are then a stream expression could be used to rewrite those.

     

    But before digging too much into the weeds, it's important to understand why the application is failing. Throwing a bunch of code at it may solve the problem, but it's far better to actually address the real problem. The absolute BEST thing you can do at this point is to simply watch the traffic. Install Fiddler or HTTPWatch and then fire up your browser and test. What you're most likely going to see is the client attempting (and failing) to access an URL. It'll either be coming from a 30x redirect response in that message's Location header, or from the payload of a previous response. You'll save yourself a lot of time and energy fixing this one problem versus potentially introducing new problems with additional code.

     

  • The application is Jenkins, which is running on Port 8080

     

    I don't have any specific experience with this application, and I'm sure there are at least a few ways to deploy it. What you need to do is run a client side HTTP capture (HTTPWatch, Fiddler, etc.) and watch the HTTP communications to the browser. Start looking for attempts to reach the http:// port 8080 URL from the browser. Once you find these, go back to the previous HTTP response (or maybe a few responses back) and look for where that URL is getting sent to the browser. It'll either be in an HTTP 30x redirect, in the Location header, or somewhere in the payload. Once you know where it's coming from, you can more easily solve the problem with a quick iRule fix.
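
Added example, not part of any reply in this thread: a short Python script that automates the check the replies describe, scanning a client-side capture for HTTPS responses that hand the browser a plain http:// URL, either in a 30x Location header or in the payload. It assumes the capture has been exported in HAR 1.2 format; the function name `find_http_sources` and the sample capture are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample capture in HAR 1.2 shape (not taken from the thread).
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://server.xyx.com/login"},
     "response": {"status": 302,
                  "headers": [{"name": "Location",
                               "value": "http://server.xyx.com:8080/"}],
                  "content": {"text": ""}}},
    {"request": {"url": "https://server.xyx.com/"},
     "response": {"status": 200,
                  "headers": [{"name": "Content-Type", "value": "text/html"}],
                  "content": {"text":
                      '<script src="http://server.xyx.com:8080/static/app.js"></script>'
                      '<a href="https://server.xyx.com/job/">jobs</a>'}}},
]}}

# Matches plain-http URLs only; "https://" does not match this pattern.
HTTP_URL = re.compile(r"""http://[^\s"'<>)]+""", re.IGNORECASE)

def find_http_sources(har, host):
    """Return (response_url, where, http_url) for every plain-http URL on
    `host` that an HTTPS response sends to the browser.
    Assumes response bodies are stored as text, not base64."""
    findings = []
    for entry in har["log"]["entries"]:
        req_url = entry["request"]["url"]
        if urlsplit(req_url).scheme != "https":
            continue
        resp = entry["response"]
        # Case 1: a 30x redirect whose Location header points at http://
        if 300 <= resp["status"] < 400:
            for header in resp.get("headers", []):
                if header["name"].lower() == "location":
                    target = urljoin(req_url, header["value"])
                    parts = urlsplit(target)
                    if parts.scheme == "http" and parts.hostname == host:
                        findings.append((req_url, "Location header", target))
        # Case 2: an http:// URL embedded in the response payload
        body = resp.get("content", {}).get("text") or ""
        for url in HTTP_URL.findall(body):
            if urlsplit(url).hostname == host:
                findings.append((req_url, "payload", url))
    return findings

if __name__ == "__main__":
    for src, where, url in find_http_sources(SAMPLE_HAR, "server.xyx.com"):
        print(f"{src}: {where} -> {url}")
```

A "Location header" finding is the case the "Redirect rewrite" option covers; a "payload" finding is the case where a stream profile or iRule would be needed.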