03-Nov-2020 08:58
Hi guys,
Got an issue where the end webserver sends a redirect for a certain address.
When going direct with https to the server it sends back a redirect of https://whatever.com but when going through the F5 VIP who talks to it with plain http it returns http://whatever.com which then doesn't work.
Is there a way of changing this? Is it the same as the usual iRule, I tried using the built in http redirect to https but it just broke everything with an error of too many redirects on the browser
03-Nov-2020 20:19
Just trying to understand your behavior 1st.
From what I can think of, your http://whatever.com is resolving to your VIP, when the traffic lands on port 80, you got the http2https irule redirect. Thus it redirects to VIP:443, but again its going on loop.
1st figure who is sending the 302. Check the header Server: is it bigip or webserver.
Then comes your solution, whether the prob is on the F5 or on the webserver, if for no reason the webserver is sending 302, then the fix should be on the server. Check with your application team, whether the app should be running on SSL or Non-SSL. Based on that fix your LTM setup.
03-Nov-2020 20:35
Some applications servers can be configured to respond with https URLs on http ports, or to ignore http without redirecting.
Some application servers can respond to a header
X-Forwarded-Proto: HTTPS
The question is - does the application server respond to any request on an HTTP port with a redirect to https?
If so, then you have to use one of the methods above (if you can), or you have to set up your pool to use https (and have a server-ssl profile).
05-Nov-2020 11:59
Use an http profile with Redirect Rewrite set. https://support.f5.com/csp/article/K14775