Forum Discussion
Shiva_109949
Aug 14, 2012Nimbostratus
http to https redirection for outbound traffic
Hi Folks,
My customer has a requirement as per the scenario below
Client/server-----F5-----Cisco ASA Firewall-----Internet-----Destination Server
Client's http request----F5(should translate the http request into https)----when accessing the Destination Server
The application on the Client behind the F5 can make only http requests not https therefore they want us to do something on the F5 that can translate the clients http request to https and viceversa when the client communicates with the Destination server. the destination server only accepts https connection requests. Is this possible to achieve using the F5. We do not manage the Destination Server or the remote infrastructue.
Any help would be very much appreciated.
Thanks in advance
Shiva
- Brian_69413NimbostratusYes, you can use a serverssl profile on the virtual server and put the destination server in the pool...maybe without a monitor.
- nitassEmployeee.g.
[root@ve10:Active] config b virtual bar list virtual bar { snat automap pool foo destination 173.194.38.151:80 ip protocol 6 profiles { serverssl { serverside } tcp {} } vlans internal enable } [root@ve10:Active] config b pool foo list pool foo { members 173.194.38.151:443 {} } on client [root@centos101 ~] curl -I http://173.194.38.151 HTTP/1.1 200 OK Date: Tue, 14 Aug 2012 14:32:13 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 Set-Cookie: NID=62=HQkMlnpO7aqvjw0ydlPiFkrL9X_kdNoipDTecfFrhU3zbkURRAQxH6dsxpgqaEhDku-eaCNKUaGWIQItjdLgiFgGn_gZYPvWbceoe-eMS7r7diOAojNWRkxyaxFEM9lQ; expires=Wed, 13-Feb-2013 14:32:13 GMT; path=/; domain=.; HttpOnly P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." Server: gws X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Transfer-Encoding: chunked on bigip [root@ve10:Active] config tcpdump -nni 0.0 port 80 or port 443 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes 22:29:48.289439 IP 200.200.200.101.51015 > 173.194.38.151.80: S 68794826:68794826(0) win 5840 22:29:48.289475 IP 173.194.38.151.80 > 200.200.200.101.51015: S 1283460170:1283460170(0) ack 68794827 win 4380 22:29:48.300533 IP 200.200.200.101.51015 > 173.194.38.151.80: . ack 1 win 46 22:29:48.300573 IP 172.28.19.80.51015 > 173.194.38.151.443: S 734532218:734532218(0) win 4380 22:29:48.307674 IP 173.194.38.151.443 > 172.28.19.80.51015: S 2152619634:2152619634(0) ack 734532219 win 14180 22:29:48.307685 IP 172.28.19.80.51015 > 173.194.38.151.443: . ack 1 win 4380 ...
- Shiva_109949NimbostratusThank you guys, i will give it a go and let you know.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects