Forum Discussion
iRule to convert server side http response to https for a multi-vhost wild card ssl Sharepoint cluster
I have two VIPs for a SharePoint cluster: one on port 80 and the other on port 443. The port 80 VIP has no resources behind it, just a simple and very elegant iRule that flips the request to https and, if anyone is stupid enough, strips www from their request:
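
    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] starts_with "www." } {
            # Strip the leading "www." and redirect to https
            HTTP::redirect "https://[string range [HTTP::host] 4 end][HTTP::uri]"
            return
        } elseif { [TCP::local_port] == 80 } {
            # Plain http request on port 80: redirect to the same host and URI over https
            HTTP::redirect "https://[HTTP::host][HTTP::uri]"
            return
        }
    }
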
Works like a charm. The communication between the server and the F5, though, is http, so the server responds with http requests. This causes a problem for the SharePoint server with JavaScript and looks very confusing from the client side, as they are told to make an http request which forces another redirect. I need to create an iRule for these vhosts on the port 443 VIP that rewrites the packet. Looking at the site, I modified some suggestions to accomplish it, but the F5 rejected it. I am new to iRules so I wasn't surprised. I wonder if anyone has some suggestions. Here was my attempt:

    when HTTP_RESPONSE {
        HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
    }

1 Reply
Hi Victor,
The most elegant way to SSL-Offload SharePoints (aka. Off-Box SSL Termination) is to not rewrite anything. So you may try...
- Create an additional SharePoint AAM for (without binding an IIS-Listener to :443)
- Attach the iRule below to your HTTPS Virtual Server
Front-End-Https iRule

    when HTTP_REQUEST {
        HTTP::header insert "Front-End-Https" "On"
    }

Cheers, Kai
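
An added example, not part of either post and not F5's or the posters' own code: it combines the `Front-End-Https` header from the reply with a response-side fallback that rewrites only the `Location` header of redirects, which is what the question was trying to do with `HTTP::redirect`. The variable names are illustrative, and it assumes the back-end servers redirect to the same host name the client requested.

```tcl
when HTTP_REQUEST {
    # HTTP::host is a request-side command, so save the client-facing
    # host name (without port) for use in HTTP_RESPONSE.
    set req_host [string tolower [getfield [HTTP::host] ":" 1]]

    # Remove any client-supplied copy so only the BIG-IP asserts the header,
    # then tell the back end that the client connection is HTTPS.
    HTTP::header remove "Front-End-Https"
    HTTP::header insert "Front-End-Https" "On"
}

when HTTP_RESPONSE {
    # Only redirects carry a Location header worth rewriting.
    if { [HTTP::is_redirect] } {
        set loc [HTTP::header value "Location"]

        # Leave relative and already-https redirects untouched.
        if { [string tolower $loc] starts_with "http://" } {
            # Split "host[:port]/path" that follows the "http://" prefix.
            set rest  [string range $loc 7 end]
            set slash [string first "/" $rest]
            if { $slash < 0 } {
                set authority $rest
                set path "/"
            } else {
                set authority [string range $rest 0 [expr {$slash - 1}]]
                set path [string range $rest $slash end]
            }
            set loc_host [string tolower [getfield $authority ":" 1]]

            # Rewrite only when the redirect targets the exact vhost the
            # client asked for; redirects to other hosts pass through as-is.
            # The port is dropped so "http://host:80/..." does not become
            # "https://host:80/...".
            if { $loc_host eq $req_host } {
                HTTP::header replace "Location" "https://$loc_host$path"
            }
        }
    }
}
```

Because the host comparison is exact rather than a prefix match, each vhost on the wildcard certificate is handled per request and a redirect to a different domain is never altered.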