Forum Discussion
NimbostratusHTTPS to HTTPS:9443 redirect
Hi, I'm trying to redirect https://xyz.com to https://xyz.com:9443 but for some reason I'm getting an error (too many redirect clear your cookies). In order for this redirect to happen I know that traffic needs to be decrypted first and then re-encrypted and sent encrypted to the final destination.
VIP_443; IP:10.10.10.10; SSL Profile (Client) - Wildcard cert; Pool: no; Irule: yes; Source Address Translation (none)
VIP_9443; IP:10.10.10.10; SSL Profile (Clinet): none; Pool_9443; Source Address Translation(AutoMap); Irule: none
when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":9443" 1][HTTP::uri] }
Thanks in Advance
- Kevin_Davies
Nacreous
Try this and see if it helps...
when HTTP_REQUEST { HTTP::redirect "https://[getfield [HTTP::host] {:} 1]:9443[HTTP::uri]" } 
Amy003_314955Cirrus
Once the HTTPS session is built, there won't be any possibility of seeing the traffic unless it gets decrypted. Then the redirection should be pointed at port 443 on the HTTP VIP. So it appears, you will have to create three VIPs in the following fashion.
VIP:80 ; VIP:443 ; VIP:9443 ;
Traffic would hit on 443, get decrypted on 80 and then again get encrypted for 9443. Please let me know how it goes.
Kevin_Davies_33Amy this is not correct. The traffic on the 443 virtual server is decrypted with the cert as shown by client SSL.
- Amy003_314955
Hi Kevin,
 
I have tested the irule config and it did not work. Also, I referred the dev central link which is - https://https://devcentral.f5.com/s/feed/0D51T00006i7SQhSAM.
 
Please go through Deb Allen's comments on this link.
 
- Kevin_Davies
Amy,
We have two distinct virtual servers, no wildcards. We are redirecting https to https. The original post indicates we want to redirect from 443 to 9443. If you apply my iRule above to the first virtual server it will decrypt the client traffic then send a 302 redirect to the client to the same destination on port 9443 using https. The client will then follow that redirect and establish a new connection to port 9443 and the traffic will continue on to the pool member.
Please can you explain to me where the problem is?
Amresh008Once the HTTPS session is built, there won't be any possibility of seeing the traffic unless it gets decrypted. Then the redirection should be pointed at port 443 on the HTTP VIP. So it appears, you will have to create three VIPs in the following fashion.
VIP:80 ; VIP:443 ; VIP:9443 ;
Traffic would hit on 443, get decrypted on 80 and then again get encrypted for 9443. Please let me know how it goes.
- Kevin_Davies_33
Amy this is not correct. The traffic on the 443 virtual server is decrypted with the cert as shown by client SSL.
- Amresh008
Hi Kevin,
I have tested the irule config and it did not work. Also, I referred the dev central link which is - https://devcentral.f5.com/questions/need-help-with-redirect-https-to-http.
Please go through Deb Allen's comments on this link.
- Kevin_Davies
Amy,
We have two distinct virtual servers, no wildcards. We are redirecting https to https. The original post indicates we want to redirect from 443 to 9443. If you apply my iRule above to the first virtual server it will decrypt the client traffic then send a 302 redirect to the client to the same destination on port 9443 using https. The client will then follow that redirect and establish a new connection to port 9443 and the traffic will continue on to the pool member.
Please can you explain to me where the problem is?
- Amresh008
Once the HTTPS session is built, there won't be any possibility of seeing the traffic unless it gets decrypted. Then the redirection should be pointed at port 443 on the HTTP VIP. So it appears, you will have to create three VIPs in the following fashion.
VIP:80 ; VIP:443 ; VIP:9443 ;
Traffic would hit on 443, get decrypted on 80 and then again get encrypted for 9443. Please let me know how it goes.
- Kevin_Davies_33
Amy this is not correct. The traffic on the 443 virtual server is decrypted with the cert as shown by client SSL.
- Amresh008
Hi Kevin,
I have tested the irule config and it did not work. Also, I referred the dev central link which is - https://devcentral.f5.com/questions/need-help-with-redirect-https-to-http.
Please go through Deb Allen's comments on this link.
- Kevin_Davies
Amy,
We have two distinct virtual servers, no wildcards. We are redirecting https to https. The original post indicates we want to redirect from 443 to 9443. If you apply my iRule above to the first virtual server it will decrypt the client traffic then send a 302 redirect to the client to the same destination on port 9443 using https. The client will then follow that redirect and establish a new connection to port 9443 and the traffic will continue on to the pool member.
Please can you explain to me where the problem is?
