Forum Discussion
Martin_Kaiser_1
Nimbostratus
NimbostratusRedirect http client to https on same non-default port
Hi guys,
I have a customer request of which I'm unsure whether it can be done at all or not:
I have a virtual https server on a BigIP running 10.2.0HF2. The virtual server is not r...
nitass
Employee
Employeeit seems it does not work in 10.2.3.
[root@ve1023:Active] config b version|grep -iA 1 version
BIG-IP Version 10.2.3 112.0
Final Edition
[root@ve1023:Active] config b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.65.152:https
ip protocol tcp
rules myrule
profiles {
http {}
myclientssl {
clientside
}
tcp {}
}
}
[root@ve1023:Active] config b profile myclientssl list
profile clientssl myclientssl {
defaults from clientssl
nonssl enable
}
[root@ve1023:Active] config b rule myrule list
rule myrule {
when HTTP_REQUEST {
log local0. "\[SSL::cipher version\]: [SSL::cipher version]"
log local0. "\[catch {SSL::cipher version} result\]: [catch {SSL::cipher version} result]"
log local0. "\$result: $result"
if {$result equals "None"}{
log local0. "\$result is None"
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
} else {
log local0. "\$result is not None"
}
}
}
[root@ve1023:Active] config curl -I http://172.28.65.152:443/
Nov 11 16:42:17 local/tmm info tmm[4766]: Rule myrule : [SSL::cipher version]: None
Nov 11 16:42:17 local/tmm info tmm[4766]: Rule myrule : [catch {SSL::cipher version} result]: 0
Nov 11 16:42:17 local/tmm info tmm[4766]: Rule myrule : $result: None
Nov 11 16:42:17 local/tmm info tmm[4766]: Rule myrule : $result is None
[root@ve1023:Active] config curl -Ik https://172.28.65.152:443/
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2011 00:42:46 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Connection: close
Content-Type: text/html; charset=UTF-8
[root@ve1023:Active] config
Nov 11 16:42:32 local/tmm info tmm[4766]: Rule myrule : [SSL::cipher version]: TLSv1
Nov 11 16:42:32 local/tmm info tmm[4766]: Rule myrule : [catch {SSL::cipher version} result]: 0
Nov 11 16:42:32 local/tmm info tmm[4766]: Rule myrule : $result: TLSv1
Nov 11 16:42:32 local/tmm info tmm[4766]: Rule myrule : $result is not None
however, if i trigger HTTP::redirect in HTTP_RESPONSE event, it works.
[root@ve1023:Active] config b rule myrule list
rule myrule {
when HTTP_REQUEST {
set http_redirect 0
log local0. "\[SSL::cipher version\]: [SSL::cipher version]"
log local0. "\[catch {SSL::cipher version} result\]: [catch {SSL::cipher version} result]"
log local0. "\$result: $result"
if {$result equals "None"}{
log local0. "\$result is None"
set http_redirect 1
set http_host [HTTP::host]
set http_uri [HTTP::uri]
} else {
log local0. "\$result is not None"
}
}
when HTTP_RESPONSE {
if {$http_redirect}{
HTTP::redirect "https://$http_host$http_uri"
}
}
}
[root@ve1023:Active] config curl -I http://172.28.65.152:443/
HTTP/1.0 302 Found
Location: https://172.28.65.152:443/
Server: BigIP
Connection: close
Content-Length: 0
[root@ve1023:Active] config
Nov 11 16:45:21 local/tmm info tmm[4766]: Rule myrule : [SSL::cipher version]: None
Nov 11 16:45:21 local/tmm info tmm[4766]: Rule myrule : [catch {SSL::cipher version} result]: 0
Nov 11 16:45:21 local/tmm info tmm[4766]: Rule myrule : $result: None
Nov 11 16:45:21 local/tmm info tmm[4766]: Rule myrule : $result is None
[root@ve1023:Active] config curl -Ik https://172.28.65.152:443/
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2011 00:45:47 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Connection: close
Content-Type: text/html; charset=UTF-8
[root@ve1023:Active] config
Nov 11 16:45:33 local/tmm info tmm[4766]: Rule myrule : [SSL::cipher version]: TLSv1
Nov 11 16:45:33 local/tmm info tmm[4766]: Rule myrule : [catch {SSL::cipher version} result]: 0
Nov 11 16:45:33 local/tmm info tmm[4766]: Rule myrule : $result: TLSv1
Nov 11 16:45:33 local/tmm info tmm[4766]: Rule myrule : $result is not None