I'm new at this and I trying to redirect an https (443) request to an Apache/Tomcat server with the url of . When I try to connect to it with I get an error. Please assist. Thanks!

what is url user sends to https virtual server? where is the apache/tomcat? is it pool member of the https virtual server or is it external server? what url do you want to send to it?

The https request goes to a virtual server and then to apache/tomcat. The virtual server is working fine and can see the apache/tomcat. I can connect dircetly to the apache/tomcat using but if I try to connect using that is where my problem lies. I need to have an iRule that when a request comes in to direct it specfically to site.html. Thx for the response!

not sure if i understand correctly. e.g. [root@ve10:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.79:443 ip protocol 6 rules myrule profiles { clientssl { clientside } http {} tcp {} } } [root@ve10:Active] config b pool foo list pool foo { members 200.200.200.101:8080 {} } [root@ve10:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { if {[HTTP::uri] eq "/"} { HTTP::uri "/site.html" } } } [root@ve10:Active] config ssldump -Aed -nni 0.0 port 443 or port 8080 -k /config/ssl/ssl.key/default.key New TCP connection 1: 172.28.19.251(39545) <-> 172.28.19.79(443) 1 1 1345486212.2547 (0.0101) C>S SSLv2 compatible client hello 1 2 1345486212.2547 (0.0000) S>CV3.1(81) Handshake 1 3 1345486212.2547 (0.0000) S>CV3.1(953) Handshake 1 4 1345486212.2547 (0.0000) S>CV3.1(4) Handshake 1 5 1345486212.2565 (0.0017) C>SV3.1(262) Handshake 1 6 1345486212.2565 (0.0000) C>SV3.1(1) ChangeCipherSpec 1 7 1345486212.2565 (0.0000) C>SV3.1(36) Handshake 1 8 1345486212.2816 (0.0251) S>CV3.1(1) ChangeCipherSpec 1 9 1345486212.2816 (0.0000) S>CV3.1(36) Handshake 1 10 1345486212.2836 (0.0019) C>SV3.1(175) application_data --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.79 Accept: */* --------------------------------------------------------------- New TCP connection 2: 200.200.200.10(39545) <-> 200.200.200.101(8080) 1345486212.2845 (0.0007) C>S --------------------------------------------------------------- HEAD /site.html HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.79 Accept: */* ---------------------------------------------------------------

The frontend site is https://something.something.com which is to the virtual server, which is then supposed to forward to http://host:8080/site.html. Our problem is getting to the /site.html part. Thx!

You can create a iRule that does the following like Nitass sates when HTTP_REQUEST { if { [HTTP::uri] equals "/" } { HTTP::uri "/site.html" } The iRule when then cause the URI to to the server to be /site.html. Now if you want you change change it to a full redirect this will force the customer URI to change so if they bookmark the site it will be correct. HTTP::redirect "http://[HTTP::host]:8080:/site.html or HTTP::redirect "https://[HTTP::host]/site.html

iRule to redirect | DevCentral

25 Replies

smp_86112
Cirrostratus
Aug 21, 2012
I think the key might be the content of the chunked data. Can you try that curl request again with the -v option and post the HTML content?
Al_3585
Nimbostratus
Aug 21, 2012
Thanks for your time and help.

[admin@:Active] ~ curl -v -I[admin@:Active] ~ curl -v -I -H "Host:itlml.affsc.." -H "Host:itlml.affsc.."

* Trying xxx.x.xxx.26... connected

* Connected to xxx.x.xxx.26 (xxx.x.xxx.26) port 8080

> HEAD /vminet.html HTTP/1.1

> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

> Accept: */*

> Host:itlml.affsc..

>

< HTTP/1.1 200 OK

HTTP/1.1 200 OK

curl: option -I[admin@:Active]: is unknown

curl: try 'curl --help' or 'curl --manual' for more information

< Server: Apache-Coyote/1.1

Server: Apache-Coyote/1.1

[admin@:Active] ~ * About to connect() to xxx.x.xxx.26 port 8080

-bash: syntax error near unexpected token `('

[admin@:Active] ~ * Trying xxx.x.xxx.26... connected

-bash: SSL: command not found

[admin@:Active] ~ * Connected to xxx.x.xxx.26 (xxx.x.xxx.26) port 8080

-bash: syntax error near unexpected token `('

[admin@:Active] ~ > HEAD /vminet.html HTTP/1.1

-bash: /vminet.html: No such file or directory

[admin@:Active] ~ > User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

-bash: syntax error near unexpected token `('

[admin@:Active] ~ > Accept: */*

-bash: SSL/rui.crt: Permission denied

[admin@:Active] ~ > Host:itlml.affsc..

[admin@:Active] ~ >

-bash: syntax error near unexpected token `newline'

[admin@:Active] ~ < HTTP/1.1 200 OK

-bash: HTTP/1.1: No such file or directory

[admin@:Active] ~ HTTP/1.1 200 OK

-bash: HTTP/1.1: No such file or directory

[admin@:Active] ~ < Server: Apache-Coyote/1.1

-bash: Server:: No such file or directory

[admin@:Active] ~ Server: Apache-Coyote/1.1

-bash: Server:: command not found

[admin@:Active] ~ < Set-Cookie: JSESSIONID=0D29770EA5D3BD90A1C10D516BE135E0; Path=/

-bash: Set-Cookie:: No such file or directory

[admin@:Active] ~ Set-Cookie: JSESSIONID=0D29770EA5D3BD90A1C10D516BE135E0; Path=/

-bash: Set-Cookie:: command not found

[admin@:Active] ~ < Content-Type: text/html;charset=UTF-8

-bash: Content-Type:: No such file or directory

[admin@:Active] ~ Content-Type: text/html;charset=UTF-8

-bash: Content-Type:: command not found

[admin@:Active] ~ < Transfer-Encoding: chunked

-bash: Transfer-Encoding:: No such file or directory

[admin@:Active] ~ Transfer-Encoding: chunked

-bash: Transfer-Encoding:: command not found

[admin@:Active] ~ < Date: Tue, 21 Aug 2012 21:03:14 GMT

-bash: Date:: No such file or directory

[admin@:Active] ~ Date: Tue, 21 Aug 2012 21:03:14 GMT

-bash: Date:: command not found

[admin@:Active] ~

[admin@:Active] ~ * Connection 0 to host xxx.x.xxx.26 left intact

-bash: Accept:: command not found

[admin@:Active] ~ * Closing connection 0
Al_3585
Nimbostratus
Aug 21, 2012
I ran it gain with the following results:

login as: admin

Using keyboard-interactive authentication.

Password:

Last login: Tue Aug 21 15:15:51 2012 from xxx.x.xxx.252

[admin@:Active] ~ curl -v -I http://xxx.x.xxx.26:8080/vminet.html -H "Host:itlml.affsc.af.mil"

* About to connect() to xxx.x.xxx.26 port 8080

* Trying xxx.x.xxx.26... connected

* Connected to xxx.x.xxx.26 (xxx.x.xxx.26) port 8080

> HEAD /vminet.html HTTP/1.1

> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5

> Accept: */*

> Host:itlml.affsc.af.mil

>

< HTTP/1.1 200 OK

HTTP/1.1 200 OK

< Server: Apache-Coyote/1.1

Server: Apache-Coyote/1.1

< Set-Cookie: JSESSIONID=216685349E207756719BD7F78EEFFD22; Path=/

Set-Cookie: JSESSIONID=216685349E207756719BD7F78EEFFD22; Path=/

< Content-Type: text/html;charset=UTF-8

Content-Type: text/html;charset=UTF-8

< Transfer-Encoding: chunked

Transfer-Encoding: chunked

< Date: Tue, 21 Aug 2012 21:20:54 GMT

Date: Tue, 21 Aug 2012 21:20:54 GMT

* Connection 0 to host xxx.x.xxx.26 left intact

* Closing connection 0

[admin@:Active] ~
Richard__Harlan
Historic F5 Account
Aug 21, 2012
If you are using the iRule above they will not work with this request.

http://xxx.x.xxx.26:8080/vminet.html

The above iRules all are built with the URI == / not vminet.html if you need it to redirect when equaled to vminet.html then use the following

when HTTP_REQUEST {

if { [HTTP::uri] equals "/vminet.html" } {

HTTP::uri "/site.html"

}

You can put a logging statement in your iRUle to log the URI and make and what you are matching on

log local0. "URI == [HTTP::uri] Matching == /vminet.html"
Richard__Harlan
Historic F5 Account
Aug 21, 2012
The other thing is you are making it back to the Tomcat server as the JSESSIONID is being set. So am I missing something?
Al_3585
Nimbostratus
Aug 22, 2012
Still having a problem. Just to make sure, here's the following situation:

CLIENT --> HTTPS --> F5 --> HTTP:8080 --> Tomcat-Server

I've created a VIP which handle the SSL-termination. Then I have a server-pool with the tomcat-server, which listen on port tcp 8080.

When I connect directly to the tomcat-server with tcp:8080, then all works fine. When I connect through the loadbalancer with https://, then I get a client error-message "Internet Explorer cannot display webpage".
nitass
Employee
Aug 22, 2012
have you tried what Richard suggested i.e. vminet.html?
smp_86112
Cirrostratus
Aug 22, 2012
Here's what I suspect is happening, because it happens to us quite frequently. The key is understanding that tomcat doesn't have any idea that the client is using HTTPS. Tomcat is talking HTTP, so when he has redirects to send, he sends them as HTTP. When the client follows the redirect, the connection is reset or times out because you don't have an HTTP VIP.

This is pretty simple to diagnose with a network trace. If you don't want to mess with decrypting the SSL, just do a tcpdump between the LTM and tomcat. Capture the inbound client request and the response. I bet that will tell you what's happening. You could also simply create an HTTP VIP just to see if that fixes it, or apply and HTTP profile to the HTTPS VIP with the Redirect Rewrite profile option set to All.
Al_3585
Nimbostratus
Aug 22, 2012
Yes I did but no change. Thx!
nitass
Employee
Aug 22, 2012
can you post the virtual server, pool and irule configuration?

b virtual (name) list

b pool (name) list

b rule (name) list