Forum Discussion
ltmbanter_43291
Nimbostratus
NimbostratusHTTPS to HTTP
Hello,
I am moving my HA Pair to a new location. During the move I have a LTM 1600 that will redirect requests to a maintenance page. I am planning on just adding an irule to each VIP that will redirect HTTP requests to the Maintenance Page URL.
ie.
when HTTP_REQUEST {
HTTP::redirect "http://x.y.z"
}
This works for HTTP requests, but how do I handle my VIPs that serve HTTPS?
Thanks
Michael_YatesThe answer depends on the Virtual Server setup.
Do your SSL Certificates reside on the F5? Meaning, do you have a Client SSL Profile enabled on the HTTPS Virtual Server?
If you do, then the same iRule will work without causing any issues.
If the HTTPS Virtual Server does not have a Client SSL Enabled (The SSL Certificate is applied on the Server) then you will need to put your redirect to your maintenance page in the location that has the SSL Certificate in order to prevent any SSL Certificate Errors from being displayed to your customers.
ltmbanter_43291I use client SSL for my VIPs. I missed setting the client ssl profile on the 443 instance I created for testing. Thanks for the quick response!- ltmbanter_43291I use client SSL for my VIPs. I missed setting the client ssl profile on the 443 instance I created for testing. Thanks for the quick response!
- Michael_YatesOK. That makes things easier for you.
As long as the F5 has the SSL Certificate that matches the incoming URL and can properly respond to the client preventing an SSL Certificate Error, then you can do whatever you want after that.
It has to do with the order that the events are processed in. As you can see below, the SSL Handshake and Certificate Verification come before the HTTP_REQUEST iRule Event:
RULE_INIT
CLIENT_ACCEPTED
CLIENTSSL_HANDSHAKE
CLIENTSSL_CLIENTCERT
HTTP_REQUEST - ltmbanter_43291Awesome, thanks again.