Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

How to redirect Https to Https respons ?

Satriaji
Cirrus
Cirrus

Hii Everyone,

I have a problem with our client application Web.

I have VS port 443 (using SSL) and pool member 80. (IP VS 192.168.x.x:443 --> pool member 10.45.x.x:80 )

When client access port 443 at homepage still 443, but when user login to the homepage, its redirected from 443 to http (80). When I dump, the response from server is true (respons 443 TLS) because F5 respons must be 443.

 

The problem is why the user after login to the homepage redirected to HTTP, not HTTPS ?

We can't using this step:

1. we cannot change the pool member port 80 to member 443 because port 80 still use for internal application, so we cannot create redirected VS http to https.

2. Server can be change from 80 to port 443 because have not received permission from the client management.

 

So the question is :

Any irules to change the respons server to https when user login to the homepage ???

Thankyou.

9 REPLIES 9

Hi @Satriaji , 
Till now I do not see the issue exists on servers , also it is not doable for me to redirect server Responses to https. 

>If you use client ssl , your traffic should return to clients Encrypted. 
> Traffic should be returned from server to F5 Decrypted due to non existance of server ssl profile.
> if you were redirected after login , maybe you were redirected to another virtual serer using port 80. 

> Are there any changes in your "hostname" After Loging directly , maybe the homepage redirects you to another domain after loging in. 
so I susbect that your Requests are un trusted after loging in against this Client ssl not server. 

I think the issue is still wiith Client ssl 

you can clarify more if you need , I will follow up

_______________________
Regards
Mohamed Kansoh

Dear Mohamed,

Here the config 

Server Farm

===========

IP VS = 192.168.x.x port 443 (without use SSL profile at clientside profile)

Pool member = 10.45.x.xx port 443 ( its use to IP VS DMZ )

 

DMZ

======

IP VS = 10.45.x.x port 443 (its used to IP pool member Serverfarm) using SSL client side profile

Pool member= 10.43.x.x port 80 (server http)

 

When the user access https://abcd/otcs/login the homepages still https, but after login using user name and password, the homepage : http://abcd/otcs/login . They want to still https when login.

 

thankyou

 

 

@Satriaji  , Alright then. 
it’s a strange behavior to me. 
ِAnyway , I would Recommend to create new http virtual server , and assign a redirection iRule from http to https to force redirection of https always in path. 
> when login and redirected to non secure http , you should be redirected again by the( new created virtual server + assigned Redirection iRule " http ــــ> https " use the default one ) 
> This below Redirection irule for the " new http virtual server " 

 

 when HTTP_REQUEST {
       HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
    }

 

 

Try it , I hope it works with you. 

_______________________
Regards
Mohamed Kansoh

Dear Mohammed,

The VS port 80 have been used for internal application, so we cann't create IP VS port 80. (cannot using step 1 to create VS port 80 then assign the irules_sys_redirect_https) because that IP VS & port 80 have been used.

 

So when the client access https://abc.com --> homepage become http://abc.com , so we must add or manually add "https://" in the browser so the app can be open.

 

Can we use this step on article https://support.f5.com/csp/article/K14775 ?

Hi @Satriaji , 
Great , I think this KB should solve your issue. 
you can try it and inform us if it resolved. 

Goodluck. 

_______________________
Regards
Mohamed Kansoh

Hi @Mohamed_Ahmed_Kansoh  - I think you meant to past a KB article, but it didn't come through for some reason. Could you please try linking it again?

Thanks @Leslie_Hubertus , 
@Satriaji shared with me a very good Article so I read it well and I found it very helpful to solve his issue. 
I mean in my reply his KB Article. 


_______________________
Regards
Mohamed Kansoh

Ah, of course, I misread. Sorry!

Carry on! 🙂

Dear Sarah,

Can you explain what is the contents of the iRules ?