Mike_Richards_6
Mar 01, 2011Nimbostratus
WL-Proxy-SSL HTTP header is not working in WebLogic 10.3.4 with F5 Big-IP load balancer
I have submitted this issue to Oracle Support because I believe the problem is on the WebLogic side, but I wanted to post it here in case any iRules experts have any suggestions. I will keep this post updated with my findings from Oracle Support.
Here is the contents of the support request I sent to Oracle:
---------------
Problem Description: WL-Proxy-SSL HTTP header is not working in WebLogic 10.3.4 with F5 Big-IP load balancer. We are off-loading the SSL for WebLogic and Oracle SOA Suite to the Big-IP hardware. Setting the WL-Proxy-SSL header worked with WebLogic 10.3.3 but does not appear to be working with 10.3.4.
1) Processor Spec's
64-bit Intel
2) Describe the Oracle environment
FMW 11.1.1.4 home with Oracle SOA Suite installed. The AdminServer is running the WebLogic Console and EM Fusion Middleware Control.
3) Describe your question or issue in detail
Here is the network trace provided by our F5 Big-IP network administrator:
----------------------------------------
This is the conversation between the F5 and the server of me hitting https://soa-test1.corp.paetec.com/console:
GET /console HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: soa-test1.corp.paetec.com
Connection: Keep-Alive
Cookie: __utma=105458178.438694096.1294338702.1297090301.1297117932.6; __utmz=105458178.1294338702.1.1.utmcsr=insight.paetec.com|utmccn=(referral)|utmcmd=referral|utmcct=/; s_pers=%20s_nr%3D1298411690215-Repeat%7C1301003690215%3B%20s_prop18_persist%3DDirect%7C1298498090418%3B; BIGipServersoa-test1_tcp7101_pool=470164234.48411.0000; ADMINCONSOLESESSION=7zbLNl9Qgnv4Bln17Tp33ZWMrGTX240CC3yQ2DJT1yrLQpQ65vqs!-481033609
WL-Proxy-SSL: true
HTTP/1.1 302 Moved Temporarily
Date: Wed, 23 Feb 2011 22:07:23 GMT
Transfer-Encoding: chunked
Location: http://soa-test1.corp.paetec.com/console/
X-Powered-By: Servlet/2.5 JSP/2.1
0115
302 Moved Temporarily
This document you requested has moved temporarily.
It's now at http://soa-test1.corp.paetec.com/console/.
----------------------------------------
Notice that "WL-Proxy-SSL: true" is present in the HTTP request headers, but WebLogic is still returning a redirect to the HTTP version of the page.
As mentioned earlier, we used an identical load-balancer configuration with FMW 11.1.1.3 and WebLogic 10.3.3 with success.
4) List any documentation or notes you are following
I followed the steps in this document and it did not resolve the issue:
E-WL: How to Configure WebLogic 10.3 Admin Server Behind Load Balancer? [ID 1127517.1]
Perhaps this is a regression of bug 8254839 "In WebLogic Server 10.3.0, the WL-Proxy-SSL header is not recognized by the server."
I have reviewed and performed the steps in Doc ID 1127517.1. I have confirmed that "-Dweblogic.http.isWLProxyHeadersAccessible=true" appears on the command line for the WebLogic java process. The network capture I included in the SR shows that the "WL-Proxy-SSL: true" header is being set at the load balancer.
---------------