15-Jul-2020 15:02
Dear Experts,
I need a help to solve an issue related to SSL offloading with LTM, my issue as following:
Client---LTM-VS---Server, the server is sending a HTTP redirect302 response to a location like following:
Location: http://example.local:80/xx/ApplicationsLogin?applicationId=MTA=&applicationInstanceId=MQ==\r\n, my issue is related to the port 80 send by the server in the host (example.local:80), if the LTM Virtual server is working with port 80 (http) everything will works fine but once i convert the virtual server to https (443) the application will not open because the server is redirecting the client to this URL: example.local:80, if i remove the port 80 manually, the application will work fine.
I am looking for a way to rewrite the http repsonse from the sever by removing the port 80 from the response to the client side, in simple words i need an IRULE or a workaround to forward the server rsponse to the client by rewriting the 302 response from the server:
Location: http://example.local:80/xx/ApplicationsLogin?applicationId=MTA=&applicationInstanceId=MQ==\r\n
to forward it to the client side like follows:
Location: http://example.local/xx/ApplicationsLogin?applicationId=MTA=&applicationInstanceId=MQ==\r\n
Your help will be appreciated.
Regards,
Muhannad
Solved! Go to Solution.
16-Jul-2020 09:22
Hello Muhannad.
Tried this code and it works like a charm.
when HTTP_REQUEST {
set fqdn_name [HTTP::host]
}
when HTTP_RESPONSE {
set location [HTTP::header Location]
set port [URI::port $location]
set n_path [URI::path $location]
set n_basename [URI::basename $location]
set n_query [URI::query $location]
if { [HTTP::is_redirect] }{
if { $port eq 80 }{
HTTP::header replace Location "https://$fqdn_name$n_path$n_basename?$n_query"
}
}
}
Without iRule, this is the server response.
< HTTP/1.0 302 Found
< Location: http://example.local:80/xx/ApplicationsLogin?applicationId=MTA=&applicationInstanceId=MQ==
< Server: BigIP
< Connection: Keep-Alive
< Content-Length: 0
And this is the response with the iRule.
< HTTP/1.0 302 Found
< Location: https://example.local/xx/ApplicationsLogin?applicationId=MTA=&applicationInstanceId=MQ==
< Server: BigIP
< Connection: Keep-Alive
< Content-Length: 0
Regards,
Dario.
15-Jul-2020 17:57
Hello Muhannad.
Try this code:
when HTTP_REQUEST {
set fqdn_name [HTTP::host]
}
when HTTP_RESPONSE {
set location [HTTP::header Location]
set port [URI::port $location]
set n_path [URI::path $location]
set n_basename [URI::basename $location]
set n_query [URI::query $location]
if { [HTTP::is_redirect] }{
if { $port eq 80 }{
HTTP::header replace Location &quot;https://$fqdn_name$n_path$n_basename?$n_query&quot;
}
}
}
Regards,
Dario.
16-Jul-2020 05:12
Hi Dario,
Thanks for the response, it gave me an error for the quot when i create the IRULE, i have tried without it but this didnt work :(, it stuck :
it stuck in the initial requested URL http://xxx.local/xx
is there any simple IRULE can strip to port 80 from the 302 header location.
Regards,
Muhannad
16-Jul-2020 09:22
Hello Muhannad.
Tried this code and it works like a charm.
when HTTP_REQUEST {
set fqdn_name [HTTP::host]
}
when HTTP_RESPONSE {
set location [HTTP::header Location]
set port [URI::port $location]
set n_path [URI::path $location]
set n_basename [URI::basename $location]
set n_query [URI::query $location]
if { [HTTP::is_redirect] }{
if { $port eq 80 }{
HTTP::header replace Location "https://$fqdn_name$n_path$n_basename?$n_query"
}
}
}
Without iRule, this is the server response.
< HTTP/1.0 302 Found
< Location: http://example.local:80/xx/ApplicationsLogin?applicationId=MTA=&applicationInstanceId=MQ==
< Server: BigIP
< Connection: Keep-Alive
< Content-Length: 0
And this is the response with the iRule.
< HTTP/1.0 302 Found
< Location: https://example.local/xx/ApplicationsLogin?applicationId=MTA=&applicationInstanceId=MQ==
< Server: BigIP
< Connection: Keep-Alive
< Content-Length: 0
Regards,
Dario.
19-Jul-2020 01:13
Dear Dario,
This worked as charm, many thanks :).
Regards,
Muhannad
19-Jul-2020 02:21
Great! Glad to hear this.
Don't forget to mark my answer as "the best" to help other people to find it ;-).
20-Jul-2020 00:27
With pleasure :D.
16-Jul-2020 05:13