HTTP to HTTPs on High Ports

An iRule-based stream profile will definitely get rid of the port, which would show up in the Host header. The first thing you have to find out though is WHY it's failing. Here are some thoughts and possible troubleshooting steps.

1. It should already be set, but make sure port translation is enabled on the virtual server. From there run a TCPDUMP from the F5's command shell and watch traffic between the F5 and the server. You should see the 443 traffic, which I assume ends with a reset from the server AFTER the handshake. If you know that traffic is making it to the server, and that they're at least negotiating the initial TCP handshake, that there must be something going on higher in the stack.

2. Observe the server logs for anything anomalous.

3. Run an SSLDUMP between the F5 and the server. This will allow you to see the payload.

ssldump -k -i 0.0 -AdNn port 443

where

-k is the path to the private key that the server uses for SSL. You'll need to copy that to the F5.

-i is the interface. We're saying any interface, though you can be more specific

-AdNn is some switches to make the output easier to read

"port 443" is the filter. Unlike TCPDUMP this command absolutely requires a filter. You can again be more specific if necessary.

What we're looking for is something in the server payload that may indicate that it doesn't like the port in the Hosts header. Anything anomalous.

4. Look at the client side to see if you're getting anything weird there. A redirect to a weird port or address, an odd message, anything. You may need to compare all of this data to a working connection that uses port 80 (without the port in the Hosts header).

5. Finally, you can manually change the Hosts header in the Request payload by issuing the HTTP::header replace Host command.

when HTTP_REQUEST {
    HTTP::header replace Host 
}