WebDAV and SSL Problem

Question

I am implementing a document management system (OpenText) with SSL offload on the LTM.  I have an iRule that sends a redirect to https for any http traffic.  The redirect works fine until WebDAV starts being used.  In captures, I see the browser sending, for example,
&nbsp;http://www.xxx.com/contentserverdav/License.pptx with HEAD /contentserverdav/License.pptx HTTP/1.1
.  The LTM sends a redirect with Location:https://www.xxx.com/contentserverdav/License.pptx
.  But the browser ignores the redirect.  Any information you could provide on whether this is normal, or ways to make SSL work with WebDAV would be greatly appreciated.&nbsp;

hooleylist · Answer

Hi, 
&nbsp;  
&nbsp; I'm not familiar with the OpenText app, but here are a few possible solutions in order of efficiency for LTM: 
&nbsp;  
&nbsp; Set a native OpenText configuration option which tells the web app that it should refer to itself using https:// instead of http:// references.  This is something you could check OpenText documentation for.  I assume most web apps support SSL proxying by now. 
&nbsp;  
&nbsp; Configure LTM to insert an HTTP header which LTM inserts which tells the web app that it should refer to itself using https:// instead of http:// references. 
&nbsp;  
&nbsp; Use an iRule and stream profile to rewrite the response headers and content from http:// to https:// so that the client will make requests to https:// only. 
&nbsp;  
&nbsp; Aaron

pwoll_74049 · Answer

Thanks to your help, I was able to resolve this.  I used the third approach above to use an iRule to rewrite the responses as follows: 
&nbsp;  
&nbsp; when HTTP_RESPONSE { 
&nbsp;   
&nbsp;    Check if response type is text 
&nbsp;   if {[HTTP::header value Content-Type] contains "text"}{ 
&nbsp;     
&nbsp;    Replace http:// with https:// 
&nbsp;     STREAM::expression {@http://mydomain.com@https://mydomain.com@} 
&nbsp;    Enable the stream filter for this response only 
&nbsp;     STREAM::enable 
&nbsp;   } 
&nbsp;    
&nbsp;      Check if server response is a redirect  
&nbsp;   if { [HTTP::header is_redirect]} {  
&nbsp;         Log original and updated values  
&nbsp;        log local0. "Original Location header value: [HTTP::header value Location],\  
&nbsp;                 updated: [string map -nocase "http:// https://" [HTTP::header value Location]]"  
&nbsp;    
&nbsp;         Do the update, replacing http:// with https://  
&nbsp;        HTTP::header replace Location [string map -nocase "http:// https://" [HTTP::header value Location]]  
&nbsp;   } 
&nbsp; } 
&nbsp;  
&nbsp; At first I thought that the second portion of this code to rewrite the Location entries was unnecessary.  However, I learned that the stream profile does not affect the Location information, thus the addition.  Elsewhere, I only had to enable the stream profile on the Virtual Server.

Forum Discussion

WebDAV and SSL Problem

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

IIS 6.0 WebDAV Buffer Overflow

Source_Addr Persistence Problems

Problem about Export imformation to Excel

C3D first request problem

Troubleshooting TLS Problems With ssldump

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS