For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

8 Replies

  • Thomas_Gobet_91's avatar
    Thomas_Gobet_91
    Icon for Cirrostratus rankCirrostratus
    Aug 18, 2014

    Hi,

     

    Can you be more precise on your problem ?

     

    I don't understand if the offloading is your problem or if it's something else.

     

    • siyadh_121603's avatar
      siyadh_121603
      Icon for Nimbostratus rankNimbostratus
      Aug 19, 2014
      Hi Tomas, It not the issue of Offloading the ssl certificate. the issue is after offloading the certificate, all the traffic is happening as http.
  • Thomas_Gobet's avatar
    Thomas_Gobet
    Icon for Nimbostratus rankNimbostratus
    Aug 18, 2014

    Hi,

     

    Can you be more precise on your problem ?

     

    I don't understand if the offloading is your problem or if it's something else.

     

    • siyadh_121603's avatar
      siyadh_121603
      Icon for Nimbostratus rankNimbostratus
      Aug 19, 2014
      Hi Tomas, It not the issue of Offloading the ssl certificate. the issue is after offloading the certificate, all the traffic is happening as http.
  • smp_86112's avatar
    smp_86112
    Icon for Cirrostratus rankCirrostratus
    Aug 18, 2014
    This is a common problem. Sharepoint doesn't know that the clients are talking HTTPS, right? When it receives the traffic, it has already been decrypted and arrives on :80. There's several ways to handle this. The quick-and-dirty way is to apply an iRule to the HTTP VIP which redirects everything to HTTPS. Something like this: when HTTP_REQUEST { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } The big downside of this approach is that it will result in one unnecessary TCP round-trip, every time it's used, for every client - probably, a lot of extra hops. In other words, generally speaking it will reduce the performance of the application. What you should do, in my opinion, is to tell Sharepoint that clients are really talking HTTPS - in other words, that "SSL is offloaded". But unfortunately for you, I'm not a Sharepoint expert so I don't know how to do this. Each application is unique. But hopefully someone with Sharepoint experience will chime in.
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Aug 18, 2014

    Sounds like you may need to configure Alternate Access Mappings on the SharePoint web app. Check out page 41 of this guide: http://www.f5.com/pdf/deployment-guides/iapp-sharepoint-2010-2013-dg.pdf

     

    • smp_86112's avatar
      smp_86112
      Icon for Cirrostratus rankCirrostratus
      Aug 18, 2014
      > But hopefully someone with Sharepoint experience will chime in. See what I mean? Thanks for the reference mikeshimkus, that's exactly what I was talking about.
  • Andrew_Husking's avatar
    Andrew_Husking
    Icon for Cirrus rankCirrus
    Aug 22, 2014

    Have a look at stream profiles:

     

    https://devcentral.f5.com/articles/ltm-stream-profile-multiple-replacements-regular-expressions

     

    when HTTP_RESPONSE { if {[HTTP::status] ==200}{ STREAM::enable STREAM::expression "@http://@https://@" } }