For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jure_48098's avatar
Jure_48098
Icon for Nimbostratus rankNimbostratus
Feb 15, 2008

SSL login redirect

I have a site that I'm tryng to migrate to LTM, that is running HTTP and HTTPS. The login POST always goes to the SSL server. Server then does the auhorisation and returns a HTTP 302 redirect with the...
application delivery
dev
devops
iRules
Jure_48098's avatar
Jure_48098
Icon for Nimbostratus rankNimbostratus
Feb 24, 2008
Thank you for this. Unfortunately I can't just do an iRule Location rewrite if the reply is a 3XX redirect, because the response from the proxies to the LTM is the same whether the original request came from the SSL site or the HTTP one. I need to track and match:

 

 

1. if the client request to POST loginURL has Referer: https://someURI

 

2. do the response 3XX rewrite Location to https://someURI (it's always http://someURI in the response)

 

3. otherwise it works as planned (do nothing as it is http://..)

 

 

So I need to match the client request Referer and the server response and do the Location rewrite in case the original request had HTTPS Referer header.

 

 

The problem is that in the old setup, there were separate HTTP and SSL proxies that did this rewrites correctly, now there is only the HTTP one and I have to handle this logic on the LTM..

 

 

One way I see is to insert some SSL identifier into the original reguest Referer URL, like if it is an HTTPs one, add ?SSL to the URI in the Referer so I'd see it when the response (redirect to this Location) comes back from the server.