Forum Discussion
NimbostratusHTTP and HTTPS VIPs
Hi have some problem: have HTTP and HTTPS VIPs (the same IP). So basically http working fine.
Problem with HTTPS. when i am accessing site https://www.site.com i access it as https (as expect) but when i pressing anything in it and going deeper, site becoming http. Maybe have idea what the problem can be?
By the way i am using the same pool for both VIPs. SSL terminated to LTM and LTM-serves going http on 80.
thanks
Henrik_GyllkranMy guess is that the application generates links according to the protocol that the application was called on. So since the traffic between the BIG-IP and the server is http, the links become http instead of https. Either that or there are actually hard coded links in the application to http.
There are a few ways to deal with that - we could do a redirect of all http to https, but that will cause a lot of going back and forth between http and https by the client and isn't a very pretty solution. A far more powerful solution is to use the BIG-IP to in essence do a search and replace of http://www.site.com to https://site.com in the responses from the server. For instance by way of the stream profile,
- P_K
Altostratus
As Henrik said, you could use a stream profile to replace http with https. See below
- Create a stream profile under Local Traffic -> Profiles -> Other -> stream.
- In the Target setting type
@http://www.site.com/@https://www.site.com/@@ - Assign this to your https VIP..
Hope this helps!
RaghavendraSY_7Cumulonimbus
What profile is configured for http and https virtual servers
aandreyy_293459https VIP: + stream iRule
Protocol Profile (Client)TCP
Protocol Profile (Server) tcp
HTTP Profilehttp
FTP Profilenone
RTSP Profilenone
SOCKS Profilenone
Stream Profilestream (source and target empty)
XML Profilenone
http VIP:
Protocol Profile (Client)TCP
Protocol Profile (Server) tcp
HTTP Profilehttp
FTP Profilenone
RTSP Profilenone
SOCKS Profilenone
Stream Profilesome_profile:target: @@
XML Profilenone
- RaghavendraSY_7
Any iRules are assigned to VIP's?
- aandreyy_293459yes, as i said to https i assigned stream iRule
when HTTP_REQUEST { tell server not to compress response HTTP::header remove Accept-Encoding
disable STREAM for request flow STREAM::disable} when HTTP_RESPONSE {
}catch and replace redirect headers if { [HTTP::header exists Location] } { HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]] } only look at text data if { [HTTP::header Content-Type] contains "text" } { create a STREAM expression to replace any http:// with https:// STREAM::expression {@http://@https://@} enable STREAM STREAM::enable }also exists 301 redirect iRule
when HTTP_REQUEST { if { [HTTP::uri] contains "*****" } { HTTP::respond 301 Location "https://w" } }
and maintenance page iRule.
By the way there are 2 web sites on the same server behind this VIP. And looks like one site performs well.
- RaghavendraSY
What profile is configured for http and https virtual servers
- aandreyy_293459
https VIP: + stream iRule
Protocol Profile (Client)TCP
Protocol Profile (Server) tcp
HTTP Profilehttp
FTP Profilenone
RTSP Profilenone
SOCKS Profilenone
Stream Profilestream (source and target empty)
XML Profilenone
http VIP:
Protocol Profile (Client)TCP
Protocol Profile (Server) tcp
HTTP Profilehttp
FTP Profilenone
RTSP Profilenone
SOCKS Profilenone
Stream Profilesome_profile:target: @@
XML Profilenone
- RaghavendraSY
Any iRules are assigned to VIP's?
- aandreyy_293459yes, as i said to https i assigned stream iRule
when HTTP_REQUEST { tell server not to compress response HTTP::header remove Accept-Encoding
disable STREAM for request flow STREAM::disable} when HTTP_RESPONSE {
}catch and replace redirect headers if { [HTTP::header exists Location] } { HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]] } only look at text data if { [HTTP::header Content-Type] contains "text" } { create a STREAM expression to replace any http:// with https:// STREAM::expression {@http://@https://@} enable STREAM STREAM::enable }also exists 301 redirect iRule
when HTTP_REQUEST { if { [HTTP::uri] contains "*****" } { HTTP::respond 301 Location "https://w" } }
and maintenance page iRule.
By the way there are 2 web sites on the same server behind this VIP. And looks like one site performs well.
- aandreyy_293459
http has "Default Persistence Profilemultiple" actually not sure what that mean. Also has redirect rule and some iRule not sure what that means
when HTTP_REQUEST { if {[HTTP::cookie "__utma"] ne ""} { Replace the last Set-Cookie header value with the same value and ; HttpOnly appended
HTTP::header replace Set-Cookie "[HTTP::header Set-Cookie]; HttpOnly" } }when HTTP_RESPONSE { if {[HTTP::cookie "cookie_name"] ne ""} { Replace the last Set-Cookie header value with the same value and ; HttpOnly appended
HTTP::header replace Set-Cookie "[HTTP::header Set-Cookie]; HttpOnly" }
}just got info from web server guys that performance issue should be because of pictures that sends out not compressed now, because of load balancer miss configuration.
they are saying i need bypass images, have any ideas what can be done toward that ?
thanks for help
- RaghavendraSY
I feel you need to open a ticket with F5 vendor for your requirement. It seems to be little weird one.
- aandreyy_293459
for me looks like simple task now :) I believe when iRule "HTTP::header remove Accept-Encoding" disable encoding and need enable back. Can i be right?
- aandreyy_293459
by the way just started reading/looking, but maybe someone can advice how to do that?
- aandreyy_293459
Now in this discussion big mess. But i moving forward basicaly now need solve one more problem. After applying stream iRule that replace http to https in https web page svg format images not loading. So waiting for advice.
Thanks
