Martin_Kaiser_1
May 18, 2011, Nimbostratus
Redirect http client to https on same non-default port
Hi guys,
I have a customer request of which I'm unsure whether it can be done at all or not:
I have a virtual https server on a BigIP running 10.2.0HF2. The virtual server is not r...
Martin_Kaiser_1
May 23, 2011, Nimbostratus
Hi again.
In order to make this shorter and to avoid logging entries, I tried the following version of your suggestion:
rule ssl_redirect_sameport {
    when HTTP_REQUEST {
        # this is useless without "accept non-SSL connections" option in clientssl profile!
        if { not ( [SSL::cipher version] contains "SSL" ) } {
            HTTP::redirect https://[HTTP::host]:[TCP::local_port][HTTP::uri]
        }
    }
}
This rule is enabled on a VS as follows:
virtual abc.de-29082 {
    pool abc-29082
    destination a.b.c.d:29082
    ip protocol tcp
    rules selfaccess-SNAT ssl_redirect_sameport
    persist cookie
    profiles { abc.de-acceptnonSSL { clientside } http {} tcp-lan-optimized { serverside } tcp-wan-optimized { clientside } }
    vlans { internal external } enable
}
(rule selfaccess-SNAT uses a SNAT pool address if the client is on the same subnet as the VS, thus enabling the pool members themselves to access this VS - no SNAT otherwise)
The SSL profile reads as follows:
profile clientssl abc.de-acceptnonSSL {
    defaults from abc.de
    nonssl enable
}
With this setup, when typing http://abc.de:29082 into the browser address line, I do not get any webpage displayed (connection error - tested with IE8 and Firefox 4.0.1). Wireshark shows that the BigIP issues a TCP reset as soon as it receives the client's unencrypted http GET request. When disabling the ssl_redirect_sameport iRule, the unencrypted access works. Only the redirect doesn't seem to work. Any hints on this? Thanks again for your help.
Martin