For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

FlorianM_29948's avatar
FlorianM_29948
Icon for Nimbostratus rankNimbostratus
Oct 25, 2013

URL asking to download a file instead of displaying the normal web page

Hello,

 

I've got a problem with one of my configuration that i'm going to detail for you :

 

One of my webservice need to access some ressources on an extern partner platform.

 

I've configured an outgoing proxy on my LTM with a virtual host named ws-partner.mycompany.local pointing to a pool with the partner platform as a member.

 

Since i need to access the partner platform in HTTPS i've got an SSL server profile with the Root AC of the partner in the Trusted Certificate Authorities.

 

I also configured a SNAT pool with the associated configuration on my firewall.

 

I'm using the Proxypass iRule in order to present myself to the partner platform with the expected URL, here's the content of my Proxypass where partnerplatform.com_443 is the pool containing the partner platform node : "/WebServices" := "partnerplatform.com/WebServices/ partnerplatform.com_443",

 

Now if I use the exact same configuration and if I only replace the pool in my Proxypass by partnerplatform.com_80 (which is the same platform but in HTTP) everything works fine and the url ws-partner.mycompany.local/WebServices display the correct page but when i try to access the partner platform in HTTPS (with the above configuration) my browser doesn't display anything and ask me to download a file instead.

 

I can't figure why I get this behavior, does somebody already see something like that ?

 

Thanks.

 

P.S : Sorry english isn't my first language.

 

3 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 26, 2013

    Two things:

     

    1. Enable STREAM payload rewriting in your proxypass iRule by setting static::RewriteResponsePayload to 1 or 2 (try both).

       

    2. Create and apply an HTTP profile that has the Redirect Rewrite option set to All or Matching (try both).

       

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 28, 2013

    Do you need more informations about my configuration ?

     

    More information would be good, as well as perhaps a client side capture of a working and non-working configuration.

     

  • FlorianM_29948's avatar
    FlorianM_29948
    Icon for Nimbostratus rankNimbostratus
    Oct 30, 2013

    I finally found my problem and resolved it.

     

    The problem was the iRule Proxypass, I doesn't use it anymore on this particular configuration and I replaced it with another simple iRule who just handle the host rewrite like that :

     

    when HTTP_REQUEST { set partner "partnerplatform.com" HTTP::header replace Host: $partner }

     

    Everything is working just fine like that.

     

    Thanks for the help :)