For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nathan_Andrews_'s avatar
Nathan_Andrews_
Icon for Nimbostratus rankNimbostratus
Dec 06, 2013

iRule required to rewrite the form HTTP POST to use port 443

Hi,   I have an issue at present whereby I cannot login to a web app that is currently load balanced. I currently have an HTTP class profile that redirects HTTP clients to use HTTPS.   I logge...
application delivery
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Dec 06, 2013

There is a fairly common problem, where a server that doesn't understand that it's behind an SSL offloading proxy, will continue to send HTTP absolute URLs. There is at least two places where a server can tell the client to talk to it on HTTP vs HTTPS.

 

  1. In the response headers - a redirect is caused by a 30x type resoonse message and a Location header. The easiest way to overcome this is with the Redirect Rewrite setting in the HTTP profile. Enabling this tells the LTM to replace any HTTP Location header references with HTTPS for 30x responses.

     

  2. In the response payload - when the returned page contains absolute URL references to document elements (ie. images, JavaScript, CSS, etc.), your best bet is a fairly straight forward STREAM iRule applied to the VIP. Assign an empty STREAM profile (the parent profile will do) and your iRule. Take a look at the example on the STREAM::expression wiki page.

     

    https://devcentral.f5.com/wiki/iRules.STREAM__expression.ashx