Forum Discussion

Richard_Bedford's avatar
Richard_Bedford
Icon for Nimbostratus rankNimbostratus
Jan 24, 2008

HTTP 1.0/1.1, SSL, BigIP and Sharepoint <--BigIP noob...

Dear All,     I'm a BigIP noob and have been asked to look into an issue we have with the installation of our BigIPs. (note: I didn't do the install)     Setup:     BIG-IP 9.4.0 Bui...
application delivery
dev
devops
iRules
Richard_Bedford's avatar
Richard_Bedford
Icon for Nimbostratus rankNimbostratus
Mar 28, 2008
After much scratching of heads we came up with a solution to this problem. I don't think it actually 'fixes' the issue, but it's a workaround that works.

I discovered that if SSL was enabled on the IIS servers, and then we used SSl all the way through, we had no problems. So I devised a solution that used HTTP from the LTM to IIS for 'normal' web browsing, but whenever a 'post' was made, the LTM used SSL at the back-end.

After tweaking the iRule (thanks nmenant) for stickyness between the http and ssl sessions, and enabling a streams profile to change any spurious http:// links into https:// (and applying a rechunk http profile with accept-encoding removed), it all seems to work.

This is the iRule we're using:

when HTTP_REQUEST {
 Read from persistence table which pool node the client previously connected to and
 set the IP_ADDR variable to the node IP address
set IP_ADDR [session lookup uie [IP::client_addr]]
 Look for the 'POST' method - a client is posting data back to the portal
if { [HTTP::method] equals "POST" } {
 If the client hasn't yet connected, let the LTM find a suitable node
if {$IP_ADDR == ""} {
 Set the LTM pool to the 'SSL' enabled pool
pool SPS_SSL_pool
} else {
 If the client has previously connected, force the client back to the same node in the pool
pool SPS_SSL_pool member $IP_ADDR 443
} 
}
else {
 Not a 'POST'...
 Disable the LTM-to-server SSL profile (so LTM talks in the clear to IIS)
SSL::disable serverside
 Select the HTTP only pool
 If the client hasn't yet connected, let the LTM find a suitable node
if {$IP_ADDR == ""} {
pool SPS_HTTP_pool
} else {
 If the client has previously connected, force the client back to the same node in the pool
pool SPS_HTTP_pool member $IP_ADDR 80
}
}
}
when LB_SELECTED {
 Record in the persistence table which client is load balanced to which node in a pool
session add uie [IP::client_addr] [LB::server addr] 1200
}

This also requires a default pool to be added.

I hope this can help other people with Sharepoint issues.

Richard