Forum Discussion
HTTP to HTTPS
Generally with http-to-https redirection you would have two VS's with the same destination IP on different ports (eg. 80 & 443). There is a default iRule which will work for this (_sys_https_redirect). You will not be able to create one VS on 8050 without SSL profiles and another on the same port without SSL profiles to redirect to.
Why does your front end VS need to be listening on 8050 specifically? Could you not just do the generic 80/443 scenario I mentioned and if you backend pool members are listening on 8050 (ssl or otherwise), configure them as such.
- Joseph_Johnson_Apr 25, 2016NimbostratusHi, Thanks for you answer! The reason is because the business is using multiple oracle apps that are on different ports. For example, http://oracle-test:8050 is one app and http://oracle-test:8090 is another app. I have a VIP configured that is listening on Port 0, and an irule that will check the port coming in appended to the URL and pass it to the associated Pool for that port. Now they want to utilize HTTPS. They can browse to the direct link https://oracle-test:8050 but they want to be able to redirect if a user just types in http://oracle-test:8050 to https://oracle-test:8050. Is there anything in the https header that we can pull out so that for example it an http request comes in redirect to https but if the [HOST]URL is HTTPS then do nothing and just let the traffic pass through? I know this may be convoluted but thanks for you response.
- shopkeeper56_23Apr 25, 2016CirrostratusSo just to make sure I'm clear... you would like the following flow.... Client to VS is HTTP on the 80xx port. Then SSL on the connection between the Big IP and the Pool member (again on 80xx port)? All you would need to make this work is an Server SSL profile (using a certificate trusted by your Oracle hosts) and apply it to the VS
- Joseph_Johnson_Apr 25, 2016NimbostratusWhere would the redirect come into play. Remember, all of this is happening on the same VIP, I don't see how HTTP and HTTPS would use SSL on the same VIP simultaneously.
- shopkeeper56_23Apr 26, 2016CirrostratusI dont see why you couldn't make the virtual server with no client SSL profile (aka HTTP between client and Big IP), then use a server SSL profile (SSL between Big IP and Server). This can all be done on the same VIP. This I think does what your describing does it not?
- Theo_12742Apr 26, 2016CirrusFurthermore, I would make the comment to the Oracle developers that they had to change the SSL settings for their port, and it's unrealistic to presume you wouldn't have to as well. The problem lies with order of operations: SSL is negotiated before HTTP comes into play (where you would redirect). I don't know of a way you could, though it may be possible if you could (using an iRule) detect whether SSL is used at an earlier event (like CLIENT_CONNECTED, where you can disable SSL).
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com