Forum Discussion

Shiva_109949
Aug 14, 2012

http to https redirection for outbound traffic

Hi Folks,

My customer has a requirement as per the scenario below

Client/server-----F5-----Cisco ASA Firewall-----Internet-----Destination Server

Client's http request----F5(should translate the http request into https)----when accessing the Destination Server

The application on the Client behind the F5 can make only http requests, not https; therefore they want us to do something on the F5 that can translate the client's http request to https and vice versa when the client communicates with the Destination Server. The Destination Server only accepts https connection requests. Is this possible to achieve using the F5? We do not manage the Destination Server or the remote infrastructure.

Any help would be very much appreciated.

Thanks in advance

Shiva

  • Yes, you can use a serverssl profile on the virtual server and put the destination server in the pool...maybe without a monitor.
  • e.g.

    [root@ve10:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 173.194.38.151:80
       ip protocol 6
       profiles {
          serverssl {
             serverside
          }
          tcp {}
       }
       vlans internal enable
    }
    [root@ve10:Active] config  b pool foo list
    pool foo {
       members 173.194.38.151:443 {}
    }
    
     on client
    
    [root@centos101 ~] curl -I http://173.194.38.151
    HTTP/1.1 200 OK
    Date: Tue, 14 Aug 2012 14:32:13 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=ISO-8859-1
    Set-Cookie: NID=62=HQkMlnpO7aqvjw0ydlPiFkrL9X_kdNoipDTecfFrhU3zbkURRAQxH6dsxpgqaEhDku-eaCNKUaGWIQItjdLgiFgGn_gZYPvWbceoe-eMS7r7diOAojNWRkxyaxFEM9lQ; expires=Wed, 13-Feb-2013 14:32:13 GMT; path=/; domain=.; HttpOnly
    P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    Server: gws
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Transfer-Encoding: chunked
    
     on bigip
    
    [root@ve10:Active] config  tcpdump -nni 0.0 port 80 or port 443
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
    22:29:48.289439 IP 200.200.200.101.51015 > 173.194.38.151.80: S 68794826:68794826(0) win 5840 
    22:29:48.289475 IP 173.194.38.151.80 > 200.200.200.101.51015: S 1283460170:1283460170(0) ack 68794827 win 4380 
    22:29:48.300533 IP 200.200.200.101.51015 > 173.194.38.151.80: . ack 1 win 46 
    22:29:48.300573 IP 172.28.19.80.51015 > 173.194.38.151.443: S 734532218:734532218(0) win 4380 
    22:29:48.307674 IP 173.194.38.151.443 > 172.28.19.80.51015: S 2152619634:2152619634(0) ack 734532219 win 14180 
    22:29:48.307685 IP 172.28.19.80.51015 > 173.194.38.151.443: . ack 1 win 4380 
    ...
    
    
  • Thank you guys, I will give it a go and let you know.

    Regards,

    Shiva
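
The tcpdump in the answer above shows two legs: the client's connection to port 80 and the BIG-IP's own connection to port 443. The following is an added example, not part of the original thread, that parses that older tcpdump text format and flags any server-side connection leaving on a port other than 443; the function names and the `snat_addrs` parameter are assumptions made for illustration.

```python
import re

# First six lines of the tcpdump output from the answer above (older tcpdump text format).
CAPTURE = """\
22:29:48.289439 IP 200.200.200.101.51015 > 173.194.38.151.80: S 68794826:68794826(0) win 5840
22:29:48.289475 IP 173.194.38.151.80 > 200.200.200.101.51015: S 1283460170:1283460170(0) ack 68794827 win 4380
22:29:48.300533 IP 200.200.200.101.51015 > 173.194.38.151.80: . ack 1 win 46
22:29:48.300573 IP 172.28.19.80.51015 > 173.194.38.151.443: S 734532218:734532218(0) win 4380
22:29:48.307674 IP 173.194.38.151.443 > 172.28.19.80.51015: S 2152619634:2152619634(0) ack 734532219 win 14180
22:29:48.307685 IP 172.28.19.80.51015 > 173.194.38.151.443: . ack 1 win 4380
"""

# timestamp, "IP", src.port > dst.port:, TCP flags, remainder of the line
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<flags>\S+)(?P<rest>.*)$"
)


def initial_syns(capture):
    """Yield (src, dst, dport) for each connection-opening SYN (S flag, no ack)."""
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m and "S" in m["flags"] and " ack " not in m["rest"]:
            yield m["src"], m["dst"], int(m["dport"])


def audit_legs(capture, snat_addrs, tls_port=443):
    """Split SYNs into client-side and server-side legs and flag cleartext egress.

    snat_addrs: source addresses the BIG-IP uses toward the pool (assumption:
    supplied by the operator; 172.28.19.80 in the capture above).
    Port-based only: it shows which port the server-side leg uses, not that the
    TLS handshake or any certificate validation succeeded.
    """
    client_side, encrypted, findings = [], [], []
    for src, dst, dport in initial_syns(capture):
        if src not in snat_addrs:
            client_side.append((src, dst, dport))   # client -> virtual server
        elif dport == tls_port:
            encrypted.append((src, dst, dport))     # BIG-IP -> pool member on 443
        else:
            findings.append(f"cleartext egress {src} -> {dst}:{dport}")
    if len(encrypted) < len(client_side):
        findings.append("fewer TLS server-side connections than client connections")
    return {"client_side": client_side, "encrypted": encrypted, "findings": findings}


if __name__ == "__main__":
    print(audit_legs(CAPTURE, {"172.28.19.80"}))
```
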