bucklej3_128765
Aug 12, 2013

ProxyPass redirect error on method POST

We ran into an issue with ProxyPass, where the following redirect causes the application to fail when issuing POST. You can see below we got around the issue by using if {[HTTP::method] equals "GET"}. The question is: would this redirect ever be valid for anything other than GET?

    # If you go to http://www.domain.com/dir, and /dir is a directory, the web
    # server will redirect you to http://www.domain.com/dir/.  The problem is, with ProxyPass, if the client-side
    # path is http://www.domain.com/dir, but the server-side path is http://www.domain.com/, the server will NOT
    # redirect the client (it isn't going to redirect you to http://www.domain.com//!).  Here is the problem with
    # that.  If there is an image referenced on the page, say logo.jpg, the client doesn't realize /dir is a directory
    # and as such it will try to load http://www.domain.com/logo.jpg and not http://www.domain.com/dir/logo.jpg.  So
    # ProxyPass has to handle the redirect in this case.  This only really matters if the server-side path is "/",
    # but since we have the code here we might as well offload all of the redirects that we can (that is whenever
    # the client path is exactly the client path specified in the data group but not "/").
    if {[HTTP::method] equals "GET"} {
        if {$orig_uri eq $path_clientside} {
            if {([string index $path_clientside end] ne "/") and not ($path_clientside contains ".") } {
                set is_https 0
                if {[PROFILE::exists clientssl] == 1} {
                    set is_https 1
                }
                # Assumption here is that the browser is hitting http://host/path which is a virtual path and we need to do the redirect for them
                if {$is_https == 1} {
                    HTTP::redirect "https://$orig_host$orig_uri/"
                    if { $static::ProxyPassDebug } {
                        log local0. "$log_prefix: Redirecting to https://$orig_host$orig_uri/"
                    }
                } else {
                    HTTP::redirect "http://$orig_host$orig_uri/"
                    if { $static::ProxyPassDebug } {
                        log local0. "$log_prefix: Redirecting to http://$orig_host$orig_uri/"
                    }
                }
                return
            }
        }
    }

1 Reply

  • Simon_Kowallik1
    Historic F5 Account

    HTTP::redirect uses the HTTP 302 status code to redirect a user agent to a new location; however, when a user agent receives an HTTP 302 status code for a POST/PUT/DELETE HTTP request, it will use GET because it assumes the server received the data.

    If you want to redirect the user agent and it should again issue a POST, you would need to use HTTP status code 307, which will instruct the user agent to POST again to a different location.

    HTTP::redirect only supports 302, so you would need to craft an HTTP redirect with HTTP::respond. Example:

    HTTP::respond 307 Location "http://$orig_host$orig_uri/"
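
The workaround from the question and the 307 suggestion from the reply, combined into one stand-alone iRule. This is an added example, not part of either post and not the ProxyPass iRule itself. The hard-coded `/dir` virtual path and the `scheme` and `target` variables are assumptions made for illustration; ProxyPass takes the client-side path from its data group.

```tcl
# Added example: method-aware trailing-slash redirect for a virtual path.
when HTTP_REQUEST {
    # Assumption: hypothetical client-side virtual path (ProxyPass reads
    # this from a data group instead).
    set path_clientside "/dir"
    set orig_host [HTTP::host]
    set orig_uri  [HTTP::uri]

    # Same test as the posted code: the request is exactly the virtual path,
    # it has no trailing slash, and it does not look like a file name.
    if { ($orig_uri eq $path_clientside) and
         ([string index $path_clientside end] ne "/") and
         not ($path_clientside contains ".") } {

        # Keep the scheme the client used on this virtual server.
        if { [PROFILE::exists clientssl] == 1 } {
            set scheme "https"
        } else {
            set scheme "http"
        }
        set target "${scheme}://$orig_host$orig_uri/"

        switch -- [HTTP::method] {
            "GET" -
            "HEAD" {
                # HTTP::redirect sends a 302, which is fine for safe methods.
                HTTP::redirect $target
            }
            default {
                # 307 tells the client to repeat the same method and body
                # at the new location, so a POST stays a POST.
                HTTP::respond 307 Location $target
            }
        }
        log local0. "Redirecting [HTTP::method] $orig_uri to $target"
        return
    }
}
```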