Forum Discussion
NimbostratusHttp to https redirect is not working for some of the URL
HI,
We have server listening on port 80 and client will access the server on port 443, We have configured TWO virtual servers, the HTTPS VIP that sends to the application, and the HTTP VIP that simply redirects requests to the HTTPS VIP.
There is a IRULE Configured on the Virtual Server listening on port 80, To redirect the traffic from HTTP to HTTPS,
when HTTP_REQUEST { if { [TCP::local_port] == 80 }{ HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" } }
We are able to access the webpage through F5 on https , The problem is some of the tab when we click it shows blank pages.
We have tested the website by use only one VS listening on Port 80, everything works well, able to access all the URL , but If i use HTTPS some URLs won't open .
Kindly help on this.
Regards, Midhun P.K
13 Replies
What_Lies_Bene1Cirrostratus
Hmmm. Firstly, you don't need the test for port 80 if the iRule is assigned to a Virtual Server that only listens on port 80.
Regarding the tabs, is Java involved somewhere perhaps?
midhun_108442Hi,
I have done the testing to verify from server side everything is ok .
Yes suspecting Java exception is blocking when we click on the tabs on the webpages
, how to find and resolve this issue.
Regards, Midun P.K
Michael_JenkinsYou could try to use a tool like Fiddler (on Windows, or Charles if you're using a Mac) to monitor the web traffic on your client machine, and see if the request is dying after the redirect is sent back or if it's getting some other kind of response.
Since it sounds like Java, perhaps the applications is not handling the redirect status, and it's trying to use the response instead of resubmitting it.
- midhun_108442
Hi,
I had capture the date using Fiddler for both working and non-working site, below is the difference.
Working using httpGET HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-xpsdocument, / Referer: Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Host: e-correspondence-hosted-t.yesser.egov Connection: Keep-Alive Cookie: ASP.NET_SessionId=t0em4145q4oopl55g50lgh45; MachineName=MachineName Not Found; LOGINUSER=dms_test1
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Encoding: gzip Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Tue, 27 Jan 2015 13:44:20 GMT Content-Length: 9216
Not-working using httpsGET HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-xpsdocument, / Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: e-correspondence-hosted-t.yesser.egov Cookie: ASP.NET_SessionId=xih1gufpkf25p3zqf1vpgjeh; MachineName=10; LOGINUSER=dms_test1
HTTP/1.0 302 Found Location: Server: BigIP Connection: Keep-Alive Content-Length: 0
Can we find out any solution with this
Regards, Midhun P.K
- Michael_JenkinsSo the difference is in the response (with the first being a 200 response and content). The second one is a 302 which says "Try your request again using this URL: xxxx". After the second one (the 302 response), do you get any other requests in Fiddler to the https link? If not, then it sounds like your client is not working with the redirect status. Are you using a java app? If so, is it an in-house application or off the shelf purchased kind of application? If you can talk to the developers, maybe they can help fix the issue with it.
- midhun_108442
Hi,
Yes after this i got response for the https link , below are the details.
GET HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-xpsdocument, / Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Connection: Keep-Alive Cookie: ASP.NET_SessionId=xih1gufpkf25p3zqf1vpgjeh; MachineName=10; LOGINUSER=dms_test1 Host: e-correspondence-hosted-t.yesser.egov
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Encoding: gzip Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Tue, 27 Jan 2015 13:38:52 GMT Content-Length: 9218
GET HTTP/1.1 Accept: / Referer: Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Host: e-correspondence-hosted-t.yesser.egov Connection: Keep-Alive Cookie: ASP.NET_SessionId=xih1gufpkf25p3zqf1vpgjeh; MachineName=10; LOGINUSER=dms_test1
HTTP/1.1 200 OK Content-Type: application/javascript Content-Encoding: gzip Last-Modified: Tue, 29 Apr 2014 15:26:26 GMT Accept-Ranges: bytes ETag: "0bd8762bf63cf1:0" Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Tue, 27 Jan 2015 13:38:52 GMT Content-Length: 32161
Regards, Midhun P.K
- Michael_JenkinsIf you are using Fiddler to check the traffic, do you see any resources that are coming through with 400 level errors? Or does it seem that everything is coming back fine, and Java is just not acting right?
- midhun_108442
Hi,
No i didn't see error 400 on the captured file , Only error i found is that which i have posted before.
Regards Midhun P.K
- Michael_JenkinsStrange. Not sure what it might be then. Have you tried different browsers, or different versions of java (or played with Java settings) just to see if that may help?
- midhun_108442
Hi,
Yes i have tried different browser, All have the same behavior. IS there anything we can do with Stream option
Regards Midhun P.K
- Michael_Jenkins
Stream is used for modifying response data, so if you were thinking that because the page is loaded with HTTPS and if it tries to load an embedded resource on HTTP and blocks it because it's "insecure", you could rewrite
tohttp://
.https://The easiest way to do that would be to create a stream profile with source and target strings
andhttp://
. (Note this may cause problems if you really need http on any resource, so you may want to consider adding the domain name to it.https://If you need to use the STREAM command in an iRule, you can do that for greater flexibility.
Then you could check Fiddler and look at the actual response and see if HTTP:// has been switched.
- midhun_108442
Hi,
Below is the actual response getting for the page with http, can you help me write a iRULE using stream command .
GET HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-xpsdocument, / Referer: Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Accept-Encoding: gzip, deflate Host: e-correspondence-hosted-t.yesser.egov Connection: Keep-Alive Cookie: ASP.NET_SessionId=t0em4145q4oopl55g50lgh45; MachineName=MachineName Not Found; LOGINUSER=dms_test1
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Encoding: gzip Vary: Accept-Encoding Server: Microsoft-IIS/8.5 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Tue, 27 Jan 2015 13:44:20 GMT Content-Length: 9216
Regards, Midhun P.K
- Michael_Jenkins
For an example on an iRule, your best bet is to read through the STREAM::expression wiki page, as it has examples that talk about close to exactly what you want. You should be able to use code from there with little (maybe no) modification.
And keep the HTTP VIP iRule for the redirect, and attach the new iRule using STREAM to your HTTPS VIP (and don't forget to add an empty stream profile to the HTTPS vip itself)
