Forum Discussion

Emre007_204577's avatar
Emre007_204577
Icon for Nimbostratus rankNimbostratus
Jun 01, 2015

irule for http => https redirect

Hi,   What irule should we use for http to https redirect. Our application type is json. If we use standard redirect we have session errors on our application because of response I guess.   Tha...
application delivery
devops
iRules
Emre007_204577's avatar
Emre007_204577
Icon for Nimbostratus rankNimbostratus
Jun 04, 2015

Hi Hannes,

 

Rule we are using: when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" }

 

Responses to commands:

 

:/S1-green-P:Active:Changes Pending] ~ curl -vl http://10.15.195.68/Logistics/signin.jsp * About to connect() to 10.115.195.168 port 80 (0) * Trying 10.15.195.68... connected * Connected to 10.15.195.68 (10.115.195.168) port 80 (0)

 

GET /Logistics/signin.jsp HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8y zlib/1.2.3 libidn/0.6.5 Host: 10.15.195.68 Accept: /

 

  • HTTP 1.0, assume close after body < HTTP/1.0 302 Found < Location: https://10.115.195.168/Logistics/signin.jsp < Server: BigIP
  • HTTP/1.0 connection set to keep alive! < Connection: Keep-Alive < Content-Length: 0 <
  • Connection 0 to host 10.15.195.68 left intact
  • Closing connection 0

:/S1-green-P:Active:Changes Pending] ~ curl -vl https://10.15.195.68/Logistics/signin.jsp * About to connect() to 10.15.195.68 port 443 (0) * Trying 10.15.195.68... connected * Connected to 10.15.195.68 (10.15.195.68) port 443 (0) * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection 0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html

 

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. :/S1-green-P:Active:Changes Pending] ~