HTTP Redirection from Web Server breaks SSL Termination

Question

I have VS on port 443  , it has SSL profile to do SSL termination &amp; forward to pool ( on port 80 ) .&nbsp;
so communication between user &amp; F5 is HTTPS  , between F5 &amp; Web Server is HTTP .&nbsp;
most URLs is working fine , but for some url i can see that when i click on it i get " page cannot be displayed "  &amp; that the browser used HTTP not HTTPS .&nbsp;
i checked web server code &amp; found statements redirecting to HTTP for these URLs , like the below :&nbsp;
getURLHome: function() {&nbsp;
                                        return "http://erod.siucex.com/web/signin";&nbsp;
So , form above it redirects users to HTTP  , which breaks HTTPS Termination . &nbsp;
shall i ask webserver admin to cahnge that to "https"  , but he should only understand HTTP not HTTPS ???&nbsp;
i was expecting that BIGPIP will change it automatically to HTTPS before forwarding to nuser &nbsp;
 &nbsp;

what_lies_bene1 · Answer

Can you confirm that the user gets a redirect (a HTTP 301 or 302)? If so you can modify the HTTP Profile assigned to the VS and enable Redirect Rewrite and the F5 will indeed rewrite the response to HTTPS, but only for HTTP redirects.&nbsp;
&nbsp;
If not you have four options;&nbsp;
&nbsp;
1) Change the application code to https://&nbsp;
2) Make the links relative not absolute (change the app code again)&nbsp;
3) Use a stream profile to have the F5 rewrite all http:// links in server responses (including in payload)&nbsp;
4) Configure a port 80 VS that will redirect any http:// requests to https://&nbsp;
Sorry Nathan ;-)&nbsp;

nathe · Answer

Doh! Just about to press Submit and get emailed saying I've been pipped by What Lies Beneath.... 
&nbsp;  
&nbsp; Was gonna suggest a Stream Profile too. 
&nbsp;  
&nbsp; Couple of good articles on this here: 
&nbsp;  
&nbsp; http://www.thef5guy.com/blog/2011/09/having-fun-with-stream-profiles/ 
&nbsp;  
&nbsp; https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/101/LTM-stream-profile-Multiple-replacements-regular-expressions.aspx 
&nbsp;  
&nbsp; N

hoolio · Answer

As WLB said, the first two options are the simplest from an LTM perspective.&nbsp;
&nbsp;
Here's an example for rewriting the response headers and payload as listed in 3):&nbsp;
https://devcentral.f5.com/wiki/iRules.HTTPS-offload-rewriting.ashx&nbsp;
&nbsp;
Option 4) won't work well if the app requests the client make a POST request via HTTP on port 80. Any of the first three options should work well though.&nbsp;
&nbsp;
Aaron&nbsp;

sshssh_97332 · Answer

Thanks Alot alll  .  we did 2 &amp; 4  . both worked &nbsp;

what_lies_bene1 · Answer

Wonderful. You're welcome.

Forum Discussion

HTTP Redirection from Web Server breaks SSL Termination

5 Replies

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

How to Verify config before loading to F5

Logical Disk Full to Migrate rSeries

HSL - Local TimeZone - in syslog server

VIP control across data centers - how to ensure only 1 VIP is up at a time?

Related Content

F5 HTTPS Redirect 2025

FTPS_SSL_ Termination

F5 MCP(Model Context Protocol) Server

AI Friday Episode 3: Snowstorms, Truth Terminal, MCP & AGI Insights

SSL Termination

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS