Forum Discussion
Abe_11636
Cirrus
CirrusLoosing HTTPS After Logging In
Hello,
I have a weblogic (ohs/webcache) and F5 setup
I created new vip/ adding new pool using 443 as ports add client and server ssl profiles.
In prod this same setup doesnt work wheras in the qa it goes through - retains the (new vip/ adding new pool using 443 as ports add client and server ssl profiles.)
So i go to the site : https://site.ping.com/app (retains the https) get a logon window> logs in - i see as HTTP, and errors out but when I add HTTPS I go to the next page.
This only works in chrome and mozilla - IE alreayd shows as HTPPS but no page/ I get a programming error.
Any ideas?
Thanks, Joe
17 Replies
What_Lies_Bene1Cirrostratus
OK, so you can you be a bit more explicit about your configuration, is it like this;
Client ---> Virtual Server:443/SSL Termination then Re-encryption ---> Pool Member:443/SSL Termination
You can try enabling Redirect Rewrite in the HTTP Profile assigned to the Virtual Server (if the above is correct) although this shouldn't be necessary.
Additionally, a Stream Profile might solve the issue but also shouldn't be necessary if your Virtual Server and Pool Members are all listening on port 443 and terminating SSL.
Abe_11636That is correct.
i add this irule:
when HTTP_REQUEST {
if {[string length [HTTP::host]] } {
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
else {
HTTP::redirect https://[IP::local_addr][HTTP::uri]
}
}
But its not keeping https. (Again in IE the https is there but the webpage isnt) Any idea on why it errors out in IE?
Thanks- What_Lies_Bene1What's the purpose of the iRule? Clients would need to connect using https:// anyway wouldn't they, as the VS is only listening on 443?
- Abe_11636Yea the VS only listens to 443
- Abe_11636I am not sure what I need actually/
The QA i didnt have to
From what I can see on the browser side it doesnt have the https after I login/on the logon page I see the https in all 3 browsers - What_Lies_Bene1OK, so your iRule is redundant. If a client switches to HTTP, it'll send it's request on port 80 and it obviously won't be responded to. I'm not sure why there would be a http:// link sent in a server response when the server itself is running SSL but hey, bad code is everywhere!
The simplest fix I would say is to create an additional port 80 version of your Virtual Server, don't assign a Default Pool but assign a HTTP Profile and this iRule;when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri] } - Abe_11636Where would the close quote go?
- What_Lies_Bene1Whoops, sorry;
when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } - Abe_11636chrome now shows as too many redirects
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
mozilla and ie also doesnt work when the rule is in place - What_Lies_Bene1OK. Looks like the server is sending a redirect with http:// and then we're sending a second. OK, so our best bet is to rewrite the server redirects. Take the iRule off and enable Redirect Rewrite in the HTTP Profile and all should be well (I hope). If not, we can also use a Stream Profile but we'll not do that unless this fails.
It's worth noting we are fixing a server configuration issue here; the server(s) should not be sending http:// redirects over an SSL connection!
