For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MarkM_63051's avatar
MarkM_63051
Icon for Nimbostratus rankNimbostratus
Jan 23, 2012

HTTPS Problem

Hello,

 

 

Up until now using the F5 has been fairly straight forward. Adding HTTPS certificate support for incoming IE connections however has got me stumped. I have watched the online webinar and tried many variations to get it working without success.

 

 

What I am trying to do is to take a working HTTP connection through the F5 to a pool consisting of a pair of Tomcat servers and convert the virtual server connection from HTTP to HTTPS. Wireshark traces show the F5 and the Tomcat communicating with each other and all of the status balls are green. How do I go about debugging my problem? Where do I look to find out what is not happening?

 

 

Regards,

 

 

Mark

 

app sec
BIG-IP Access Policy Manager (APM)
security

34 Replies

Show More
  • MarkM_63051's avatar
    MarkM_63051
    Icon for Nimbostratus rankNimbostratus
    Jan 24, 2012
    Can the http Redirect Rewrite = ALL be built into an iRule? I need to create rules for my pools that use cookie persistance.

     

     

    http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/220/Rewriting-Redirects.aspx
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 24, 2012
    Can the http Redirect Rewrite = ALL be built into an iRule?yes

    e.g. 

    root@ve1100(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.19.252:443
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        clientssl {
            context clientside
        }
        http { }
        tcp { }
    }
    rules {
        myrule
    }
    snat automap
    vlans-disabled
}
root@ve1100(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:8080 {
            address 200.200.200.101
        }
    }
}
root@ve1100(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
    when HTTP_RESPONSE {
   if {[HTTP::is_redirect]} {
      HTTP::header replace Location [string map {"http://200.200.200.101:8080" "https://172.28.19.252"} [HTTP::header Location]]
   }
}
}

[root@ve1100:Active] config  curl -I http://200.200.200.101:8080/test
HTTP/1.1 302 Found
Date: Tue, 24 Jan 2012 23:17:46 GMT
Server: Apache/2.2.3 (CentOS)
Location: http://200.200.200.101:8080/redir/test
Content-Type: text/html; charset=iso-8859-1

[root@ve1100:Active] config  curl -Ik https://172.28.19.252/test
HTTP/1.1 302 Found
Date: Tue, 24 Jan 2012 23:17:57 GMT
Server: Apache/2.2.3 (CentOS)
Location: https://172.28.19.252/redir/test
Content-Type: text/html; charset=iso-8859-1