cancel
Showing results for 
Search instead for 
Did you mean: 

HTTP to HTTPS without redirection

Deepak_Nair
Cirrus
Cirrus

Hi Experts ,

 

I have a requirement where CLIENT makes a HTTP_REQUEST to a VS , then VS convert that HTTP_REQUEST to HTTPS and send to the intended NODE.

 

Also , this should be in full proxy architecture where we will be having two sessions , Client ---> F5 for HTTP and then F5 --->server with HTTPS .

 

Would this be achievable and if yes , how can we get this via IRULE or some other means .

 

I parse through askf5 and devcentral BUT couldn't see any reference that MATCH my requirement .

 

Thanks again

 

Deepak

4 REPLIES 4

Hi Deepak,

 

  • Create a virtual server with port 80.
  • Assign http profile.
  • Assign serverssl profile. Don't assign clientssl.
  • Assign pool with 443 ports members.

Deepak_Nair
Cirrus
Cirrus

Ok the requirement is below .

 

when client make a request to the VIP URL http://www.example.com:8003/ngi/testentsys-m2p-lgmgmt-masterdata/entsys/m2p/lgmgmt/v1/commodities/:c... SHOULD route to AWS cloud NODE https://test.abcdef-ent-syz.com/testentsys-m2p-lgmgmt-masterdata/entsys/m2p/lgmgmt/v1/commodities/:c... . there are like 100 Web URL behind this NODE. So i think i need to use here an IRULE which will check for one URI string "/ppf" , STRIP that string and attach the REST URI request to HOST test.aausyd-ent-syz.com .

 

CLIENT_REQUEST to VIP ----> http://www.example.com:8003/ppf/testentsys-m2p-lgmgmt-masterdata/entsys/m2p/lgmgmt/v1/commodities/:c...

 

VIP to SERVER -----> https://test.abcdef-ent-syz.com/testentsys-m2p-lgmgmt-masterdata/entsys/m2p/lgmgmt/v1/commodities/:c...

 

NO redirection SHOULD be in full proxy .

 

i have written an irule BUT it returning me a RESET

 

when HTTP_REQUEST { 

 

if {([string tolower [HTTP::host]] equals "www.example.com:8003") && [HTTP::uri] starts_with "/ppf" } {

     HTTP::header replace "Host" "test.abcdef-ent-syz.com"

     HTTP::uri [string map [list "/ppf" "" ] [HTTP::uri]]

     node 10.10.10.1 443

     }

}

 

So my question is , can this be achievable .

iRule looks normal.

Is there another iRule in the Virtual Server?

Can you investigate /var/log/ltm?

Deepak_Nair
Cirrus
Cirrus

Hi ,

 

SORRY it works now . It happens that at server end there is a firewall blocking the traffic when request is initiated from F5 which is now sorted .

 

Thanks for the help again .