Serverside redirects

Question

Our network setup consists of a F5 and 3 web servers all in the same pool.  We terminate SSL on the F5 which means we are just doing http on the serverside.  We recently started to do server side redirects which forces the redirect to hit the pool again and goto another server.  This causes all kinds of issues due to the various cookies that our app is looking for and can not longer find because when they hit the new server, it looks like a new session.&nbsp;
&nbsp;I was looking at doing something with HTTP_RESPONSE and comparing the uri being generated on the serverside with our problem uri.  If it matches I would send it back to the same server.  It seems I can not use HTTP::uri with HTTP_RESPONSE.  &nbsp;
&nbsp;What is everyone else doing in this scenario?  Any iRule snippets out there that might give me some more direction?

deb_allen_18 · Answer

The server-generated redirect URI is contained in a server response header, so rather than using [HTTP::uri], you can use [HTTP::header] to catch and manipulate the Location: header within the HTTP_RESPONSE event:when HTTP_RESPONSE {
  if { [HTTP::header exists Location] }{
    set myNewRedirect 
    HTTP::header replace Location $myNewRedirect
  }
}However, you might want to experiment with a persistence profile instead of an iRule to solve the problem.  Persistence is easy to implement.  Cookie persistence is low overhead, and would work if redirects are to the same server name.
HTH
/deb

brent_sachnoff_ · Answer

Thanks for the quick response Deb.  &nbsp;
&nbsp;That looks like it will solve my problem.&nbsp;
&nbsp;I do have persistence profile for SSL but not for normal HTTP.  My problem is the our code sends back all responses on HTTP and I use the F5 to force it back to HTTPS.  I do not know how to implement persistence across the board for HTTP or HTTPS as both are different VIPs.  Suggestions on that?

deb_allen_18 · Answer

If the hostname is the same for both HTTP and the subsequent redirect to HTTPS, the browser should submit the cookie when following the redirect.&nbsp;
&nbsp;If it's a redirect to a different name, you could implement simple/sourceIP persistence and enable "Match across virtual servers".&nbsp;
&nbsp;In addition to persistence, there is a setting in the HTTP profile called "Redirect rewrite" that will enable automatic re-writing of server-set redirects to HTTPS when LTM is doing decryption. Create and apply a custom http profile with Redirect rewrite set to "Matching" to force re-writing of HTTP redirects for the requested hostname to HTTPS.&nbsp;
&nbsp;You can also apply this iRule to the HTTP virtual server to force traffic from HTTP to HTTPS: Click here&nbsp;
&nbsp;I think that should take care of everything...&nbsp;
&nbsp;HTH
&nbsp;/deb

brent_sachnoff_ · Answer

The Redirect rewrite is exactly what I am looking for!  Thanks a lot!

Forum Discussion

Serverside redirects

Recent Discussions

F5 looses the token for the first call

feature request: container egress service

did not show checkbox on chrome while access through f5

How do I create a traffic log for two different route domains?

Flip-flop load balancing

Related Content

Serverside SNI injection iRule

behavior of SSL::disable serverside

Insert Client Certificate In Serverside HTTP Headers

(HTTP) Redirection via Arbitrary Host Header

Anchor Link Redirect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS