Forum Discussion
maintaining the request URL
We're moving from an Apache Weblogic plugin SSL - Weblogic, to a BIG IP SSL - Weblogic configuration, and have a webstart application that uses the request.getRequestURL() method to populate the codebase for the jnlp response. The original URL was passed through just fine with the Apache Weblogic plugin, but is translated through the BIG IP. What is the best practice for populating the codebase for a jnlp response? Do I need to write an iRule to send through the original URL?
11 Replies
- Chris_Miller
Altostratus
You're seeing the URL changed by the F5 box? How's it being altered?
- Layne_53816
Nimbostratus
The request is https://my.domain.com/myapp, and the application is getting http://my.domain.com:80/myapp. The Weblogic server is actually running on port 8082, so I'm not sure where the port 80 is coming from.
- Chris_Miller
Altostratus
Posted By Layne on 08/23/2010 12:11 PM
the request is https://my.domain.com/myapp, and the application is getting http://my.domain.com:80/myapp. The Weblogic server is actually running on port 8082, so I'm not sure where the port 80 is coming from.
Interesting... have you done a tcpdump on the F5 to see if there's a redirect coming from the app server? There's no reason you should be specifying :80.
- Layne_53816
Nimbostratus
There is no redirect coming from the app server. I wrote a simple jsp in the deployed app that just shows the contents of the request.getRequestURL() method, and http://my.domain.com:80/myapp is what I'm getting from F5.
I am new to the device, and it is actually being managed by another office in my company, so my access is limited. They've set up the SSL VIP (with a valid cert), pool, and had to do a snat to route responses back to my office correctly, but there are no other iRules in place for this VIP.
The F5 technician assigned to the case did not know why our application was getting port 80 in the request either, and offered no help on ways to debug. This forum looks like my only hope for decent support.
- L4L7_53191
Nimbostratus
The BigIP won't change any of this unless configured to do so. Have you done a double check on the jnlp file? It seems possible that there's a definition somewhere that is hard coding it.
-Matt
- Layne_53816
Nimbostratus
The jnlp is using the request.getRequestURL() method to determine the codepage. I need to somehow configure BIG IP to send the original URL (https://my.domain.com:443/myapp is what I expect, and that would be the appropriate codepage location for the jnlp response). The BIG IP is translating the request header to http://my.domain.com:80/myapp, which is causing the codepage to be wrong in the jnlp response.
How do I change the behavior of the BIG IP to NOT translate the request header? Does anyone have an example of an iRule that can either explicitly set the protocol, and port, or just keep the BIG IP from translating it?
Sorry if I'm being dense guys, but I'm completely frustrated by not having access to our device. I have to give direction to network guys, who have no programming or web experience whatsoever.
- Chris_Miller
Altostratus
Are you terminating SSL on your F5 by any chance?
You might need to do an HTTP profile with a Request Header Insert of "WL-Proxy-SSL: true"
- Chris_Miller
Altostratus
http://support.f5.com/kb/en-us/solutions/public/4000/400/sol4443.html is the link on how to do the header insertion.
If the F5 is terminating SSL, it will send cleartext to WebLogic. Weblogic is what's making the assumption that the request is :80 because it sees cleartext... I'd see if the header insertion helps at all and if it doesn't, you'll have to either use a server-side ssl profile to re-encrypt traffic or you'll have to do an iRule to rewrite the URI and add the port.
- Layne_53816
Nimbostratus
F5 is terminating SSL. Thanks for the link, Chris. Having our admin set that up now. I'll let you know.
- L4L7_53191
Nimbostratus
I agree Chris. The LTM won't change the headers at all, unless configured to do so. Tomcat has a similar issue that pops up, and there's a server.xml stanza called "ProxyPort" that will fix up issues like this in many cases. Hopefully something easy like that will help.
-Matt
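
The behaviour discussed in this thread (a backend that receives cleartext from an SSL-terminating proxy and therefore reports http and port 80) can be modelled as below. This is an added example, not code from any poster, F5 or Oracle; it shows the external base URL being rebuilt from the `WL-Proxy-SSL` header only when the TCP peer is the proxy, since a client that reaches the server directly could send the same header. The class and method names, the proxy address 192.0.2.10 and the allowed host list are assumptions; in a servlet the four arguments would come from `request.getRemoteAddr()`, `request.isSecure()`, `request.getHeader("Host")` and `request.getHeader("WL-Proxy-SSL")`.

```java
import java.util.Locale;
import java.util.Set;

public final class JnlpCodebase {
    // Assumptions: the address the backend sees for the BIG-IP (its SNAT address)
    // and the public host name. Both values are placeholders.
    static final Set<String> TRUSTED_PROXIES = Set.of("192.0.2.10");
    static final Set<String> ALLOWED_HOSTS = Set.of("my.domain.com");

    /** Rebuilds scheme://host[:port] as the client requested it. */
    static String externalBase(String peerAddr, boolean tlsOnThisHop,
                               String hostHeader, String wlProxySsl) {
        if (hostHeader == null) {
            throw new IllegalArgumentException("missing Host header");
        }
        // Honour WL-Proxy-SSL only when the peer is the proxy; anyone else could forge it.
        boolean fromProxy = TRUSTED_PROXIES.contains(peerAddr);
        boolean https = tlsOnThisHop || (fromProxy && "true".equalsIgnoreCase(wlProxySsl));
        String scheme = https ? "https" : "http";

        // Split an optional :port off the Host header (IPv6 literals are not handled).
        String host = hostHeader;
        int port = https ? 443 : 80;
        int colon = hostHeader.lastIndexOf(':');
        if (colon > 0) {
            host = hostHeader.substring(0, colon);
            port = Integer.parseInt(hostHeader.substring(colon + 1));
        }
        // The Host header is client-controlled; refuse names this application does not serve.
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("unexpected Host: " + host);
        }
        boolean defaultPort = (https && port == 443) || (!https && port == 80);
        return scheme + "://" + host + (defaultPort ? "" : ":" + port);
    }

    public static void main(String[] args) {
        // Constructed inputs modelled on the thread: the proxy terminates SSL and forwards cleartext.
        System.out.println(externalBase("192.0.2.10", false, "my.domain.com", null));     // no header inserted
        System.out.println(externalBase("192.0.2.10", false, "my.domain.com", "true"));   // header inserted by proxy
        System.out.println(externalBase("198.51.100.7", false, "my.domain.com", "true")); // header from a non-proxy peer
    }
}
```

If clients can reach the backend port directly, the proxy should also remove any `WL-Proxy-SSL` header that arrives from the client side before inserting its own.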