How to overcome "Only secure content is displayed"?
Hi, I am load balancing to a web server which uses backdrop mapping. I have created an Virtual Server listening on HTTP which applies the "_sys_https_redirect" iRule to redirect from HTTP to HTTPS which contains the following: when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } I have then created a second Virtual Server listening on HTTPS that presents the SSL certificate and then simply load balances to the pool members (passing traffic to them on TCP port 80). The problem that I am getting is that some pages contain backdrop mapping from openstreetmap.org (URL is similar to http://a.tile.openstreetmap.org/b/c/d/png where a b c and d can vary). Firefox and Chrome do not display this embedded backdrop mapping but Internet Explorer does at least show a message saying "Only secure content is displayed". If I then click on the "Show all content" button, the mapping does appear. I have searched the forums and have tried creating a custom http profile with edited "Request header insert" to insert the X-Forwarded-Proto but must be doing it wrong as i get an error "01070373:3: Invalid Header Insert 'X-Forwarded-Proto' for profile /Common/http_osnet. name:value must be ":" separated" I am fairly new to LTM so any help greatly appreciated.
*Redirect http to https for Internet clients but not private clients*
How to Redirect all clients from http to https for Internet clients but allow http to private client IP? Following is not working properly: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] or [IP::addr [IP::client_addr] equals 192.168.1.0/24]} { set redirect 0 } else { set redirect 1 } } when HTTP_REQUEST { if {$redirect}{ HTTP::redirect "https://[HTTP::host][HTTP::uri]" } }
How to redirect Https to Https respons ?
Hii Everyone, I have a problem with our client application Web. I have VS port 443 (using SSL) and pool member 80. (IP VS 192.168.x.x:443 --> pool member 10.45.x.x:80 ) When client access port 443 at homepage still 443, but when user login to the homepage, its redirected from 443 to http (80). When I dump, the response from server is true (respons 443 TLS) because F5 respons must be 443. The problem is why the user after login to the homepage redirected to HTTP, not HTTPS ? We can't using this step: 1. we cannot change the pool member port 80 to member 443 because port 80 still use for internal application, so we cannot create redirected VS http to https. 2. Server can be change from 80 to port 443 becausehave not received permission from the client management. So the question is : Any irules to change the respons server to https when user login to the homepage ??? Thankyou.
Rewrite profile - any better way?
Hi, I wonder is there is any simpler way to achieve something described below: Scenario: Single VS - IP mapped to few external FQDNs Each external FQDN maps to virtual host on the same backend server (so traffic accepted only if there is Host header match in request send from BIG-IP to backend) There is possibility that some links returned from backend (in content) are not relative and can use backend srv FQDN. Setup: Local Traffic Policy forwarding traffic to appropriate pool based on host header in request from client - sure it could be one pool but because FQDN nodes has to be used I guess separate pools are needed - or not? Then Rewrite profile with URI rules for each ext FQDN to int FQDN with Rewrite Header, Rewrite content set, like * -> * -> * -> * and so on When redirect from http to https (send from backend) is needed then another Rewrite profile is necessary for HTTPS VS: * -> * -> * -> * and so on It is working OK but requires plenty of objects to be configured, everything has to be entered by hand, in few places and cause a lot of work and possibility to make mistake :-( Is there any other way (simpler, less error prone) to achieve the same goal? Piotr
Cookie with HTTP to HTTPS connections and the need of OneConnect
Hello, We need to preserve COOKIE styckyness once the client is switching from HTTP to HTTPS and viceversa using the same VIPS (only the ports 443-80 are different of course) and the Nodes IPs behind as well. BIGIP stanadrd cookie is based on IP address and port (i.e. pool member), so it cannot be used to stick to the same node. Instead, we can use this iRule to generate a UIE COOKIE based only on the node IP: https://devcentral.f5.com/wiki/iRules.HttpToHTTPsCookiePersistence.ashx But this is still not working!! even when we browse at HTTP level without switching to HTTPS. In the sniffer traces taken on the LTM i clearly see that the client always sends the "bIPs" COOKIE generated by the LTM, so it should stick to the same sever behind, right? So finally we were suggested to enabled OneConnect to both HTTP/HTTPS VIPs due to the fact that Persistence is not working sometime when HTTP Keepalive is active. https://support.f5.com/kb/en-us/solutions/public/7000/900/sol7964.html I am not clear why do we need OneConnect. Why LTM does not persist in case HTTP keepalive is enabled? We cannot use OneConnect as we had some issues with the application, so we are stuck..
SHAREPOINT REDIRECT IRULE ON LTM
What IRULE can be used to redirect a sharepoint website. I have a sharepoint url in my environment which management wants redirected to https://share.denison.net. https://share.dension.net is also currently functional and serving the same content like . Users on the Windows domain,only type and get automatically redirected to . How then do i redirect requests which load to to https://share.denison.net
HTTP to HTTPS
Hi, I was wondering if someone could help me with an irule that will redirect a site http://test.site.com:8050 to https:test.site.com:8050. The problem is it keeps getting stuck in a loop. I need it to know if its http to redirect but if the site comes in https then to not redirect the request again. Thanks!!!w3c iRule logging for Virtual Servers having http to https redirection iRule
Hi, I have been asked to verify the VS without w3c iRule in our LTMs and attach this iRule to them. Now, I have many VS in LTMs which have http to https redirection iRule attached to them and w3c iRule attached to VS listening on https. Could anyone of you please confirm whether I have to attach w3c iRule to both VS listening on http and https or would it suffice if I only attach it to VS with https as requests to http would be redirected to https VS. If I add w3c to both of the VS (http & https) would this create redundant logs as traffic to VS:http are redirected to VS:https. Can I have some clarification on this. Thanks in advance, MSK
http to https redirection issue .
Hello guys I got fast question probably I have 2 vips : https with pool members : 443 http + i rule but someone attached there pool with members on port 80 ........................ when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] } ........................ Customer was trying to connect via https vip but it was not working - from my experience it was nonsense so i removed pool http from http VIP and it started to work . I am not sure why , Vips were set with very standard options profile http and https + auto map Thank you for replay in advanceHTTP to HTTPS://wwww iRule
Hello, I have a pair of physical F5's sitting in front of an IIS farm. My understanding is it's better/easier to use iRules instead of IIS Re-write rules for what I'm trying to do. Can someone please assist in creating an iRule or set of iRules that would properly redirect ANY permutation of our website to https://www.URL.com? For example http://URL.COM --> https://www.url.com url.com --> https://www.url.com https://url.com --> https://www.url.com No matter how they type it, the URL should take them to Thank you very much!