For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RobS's avatar
RobS
Icon for Altostratus rankAltostratus
Jan 22, 2014

HTTP to HTTPS policy injecting "/Location: https:///" into URL and breaking application

We have an application I'm load balancing with my LTMs that I was initially told would just need basic load balancing and http to https redirection. Now I find out they are running it out of Citrix s...
application delivery
citrix
design
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jan 22, 2014

Interesting. In the absence of any other influences, the iRule (and most probably the policy) would not be inserting anything into the redirect URI that wasn't in the original URI. So that leads me to believe there are other influences at play. Do you have any other iRules applied to the HTTP and/or HTTPS VIPs? Can you run a client side traffic analyzer like Fiddler or HTTPWatch to see where the "Location" string is introduced into the URI? Can you also capture on the server side, traffic coming directly from the web server, to see if the Location string is coming from there?