Jeff_Unger_1067
Dec 22, 2005
Nimbostratus
HTTP -> HTTPS -> HTTP Cookie Persistence
I have a ticket open with F5 technical support, but thought I might post my issue here as well, just to see if anyone might have some insight. I am not sure if this needs to be handled by an iRule specifically, or if basic configuration options can yield the desired result?
A user connects to http://www.gosolodev.com:80 and enters login information. The BigIP directs the request to server1 and the user authenticates. At this point, the user is logged in to server1 and the BigIP uses cookie persistence to continue to direct that user to server1. As the user is navigating throughout the application, they click a link that uses SSL so they access https://www.gosolodev.com:443. At this point, the BigIP is not matching the cookie persistence and re-load balances the connection, possibly directing the user to server2. Since the user was logged in to server1, server2 requires them to authenticate.
What we need to happen is that, as long as the same user with the same session is connecting to the BigIP, they should go to the same server, regardless of whether they are connecting via HTTP or HTTPS. The re-login presentation that happens is really just a by-product of the issue. Does anyone know how to do this?
The following are the relevant entries in bigip.conf:
monitor gosolodev-wl-https {
   defaults from https
   interval 10
   timeout 31
   send "GET /um/login.jsp"
}
monitor gosolodev-wl-http {
   defaults from http
   reverse
   interval 10
   timeout 31
   recv " Weblogic Bridge Message Failure of server APACHE bridge:
No backend server available for connection: timed out after 10 seconds.
Build date/time: May 8 2003 15:20:38
Change Number: 257949 "
   send "GET /um/login.jsp"
}
profile clientssl gosolodev-clientssl {
   defaults from clientssl
   key "gosolodevssl.key"
   cert "gosolodevssl.crt"
}
profile serverssl gosolodev-serverssl {
   defaults from serverssl
   key "gosolowildssl.key"
   cert "gosolowildssl.crt"
   ca file "ca-bundle.crt"
}
profile http gosolodev-http {
   defaults from http
   insert xforwarded for enable
}
profile persist dev-gosolo-cookie {
   defaults from cookie
   mode cookie
   cookie mode insert
   cookie name GOSOLODEV-COOKIE
   cookie expiration 0d 02:00:00
   across services enable
   across virtuals enable
}
pool dev-https {
   monitor all gosolodev-wl-https
   member 192.168.103.79:https
   member 192.168.103.126:https
}
pool dev-http {
   monitor all gosolodev-wl-http
   member 192.168.103.79:http
   member 192.168.103.126:http
}
rule strip-www-gosolodev {
   when HTTP_REQUEST {
      # Redirect the www-prefixed host name to the bare host name
      if { [HTTP::host] equals "www.primerica.gosolodev.com" } {
         HTTP::redirect "http://primerica.gosolodev.com"
      }
   }
}
virtual dev-http {
   destination 192.168.103.190:http
   ip protocol tcp
   profile gosolodev-http oneconnect tcp
   persist dev-gosolo-cookie
   pool dev-http
   vlans DEV enable
}
virtual dev-https {
   destination 192.168.103.190:https
   ip protocol tcp
   profile gosolodev-clientssl gosolodev-http gosolodev-serverssl oneconnect tcp
   persist dev-gosolo-cookie
   pool dev-https
   vlans DEV enable
}
Thanks.
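
A diagnostic sketch for the setup described above, added here and not part of the original post or of F5's code: it decodes a GOSOLODEV-COOKIE value captured from the browser and lists which of the posted pools contain the member it names. It assumes the default unencrypted BIG-IP IPv4 insert-cookie encoding (address and port byte-swapped and written in decimal); the function names and the sample value are constructed for illustration.

```python
import ipaddress
import struct

# Pool members copied from the bigip.conf in the post (http = 80, https = 443).
POOLS = {
    "dev-http": {("192.168.103.79", 80), ("192.168.103.126", 80)},
    "dev-https": {("192.168.103.79", 443), ("192.168.103.126", 443)},
}


def encode_member(ip, port):
    """Build the cookie value for an IPv4 member (assumed default encoding)."""
    ip_le = struct.unpack("<I", ipaddress.IPv4Address(ip).packed)[0]
    port_le = struct.unpack("<H", struct.pack(">H", port))[0]
    return f"{ip_le}.{port_le}.0000"


def decode_member(value):
    """Return (ip, port) from an unencrypted insert-mode cookie value."""
    parts = value.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not an IPv4 pool-member cookie value: {value!r}")
    ip_le, port_le = int(parts[0]), int(parts[1])
    if ip_le > 0xFFFFFFFF or port_le > 0xFFFF:
        raise ValueError(f"field out of range: {value!r}")
    # Undo the byte swap: the decimal fields are little-endian integers.
    ip = str(ipaddress.IPv4Address(struct.pack("<I", ip_le)))
    port = struct.unpack(">H", struct.pack("<H", port_le))[0]
    return ip, port


def pools_containing(value):
    """Names of the pools in POOLS whose member list includes the decoded member."""
    member = decode_member(value)
    return sorted(name for name, members in POOLS.items() if member in members)


if __name__ == "__main__":
    # Constructed sample: the value a cookie naming 192.168.103.79:80 would carry.
    sample = encode_member("192.168.103.79", 80)
    print(sample, decode_member(sample), pools_containing(sample))
```

Comparing the decoded member for a cookie set over HTTP with one set over HTTPS shows whether both virtual servers are recording a member the other pool can match.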