Forum Discussion

Abe_11636's avatar
Abe_11636
Icon for Cirrus rankCirrus
Nov 20, 2012

Loosing HTTPS After Logging In

Hello,

 

I have a weblogic (ohs/webcache) and F5 setup

 

I created new vip/ adding new pool using 443 as ports add client and server ssl profiles.

 

In prod this same setup doesnt work wheras in the qa it goes through - retains the (new vip/ adding new pool using 443 as ports add client and server ssl profiles.)

 

So i go to the site : https://site.ping.com/app (retains the https) get a logon window> logs in - i see as HTTP, and errors out but when I add HTTPS I go to the next page.

 

This only works in chrome and mozilla - IE alreayd shows as HTPPS but no page/ I get a programming error.

 

 

Any ideas?

 

Thanks, Joe

 

config
design

17 Replies

Sort By
Show More
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Nov 20, 2012
    Here's an example for rewriting http:// references to https:// in the response Location header and payload:

     

     

    https://devcentral.f5.com/wiki/iRules.HTTPS-offload-rewriting.ashx

     

     

    Aaron
  • Abe_11636's avatar
    Abe_11636
    Icon for Cirrus rankCirrus
    Nov 20, 2012
    I'm confused as to why I got it working in QA and not in PROD.

     

     

    The OHS is configured to send both HTTP and HTTPS traffic so I have 2 vip and and 2 pools. (the say way I had set in QA)

     

    We were like YAY! it works when we got the login page. But it wasnt working once user logged.

     

     

    I checked the server side for both QA and PRD / It identical except for the diff subnet/ip .

     

  • Abe_11636's avatar
    Abe_11636
    Icon for Cirrus rankCirrus
    Nov 20, 2012
    Thanks for the information guys.

     

     

    Aaron, your the link app was able retains the https all 3 browsers.

     

     

    Thanks again@

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 20, 2012
    Are you 100% sure the servers are configured the same? The fact the SSLServer Profile doesn't work with the PROD servers suggests otherwise.

     

     

    I'm still not quite clear on your setup as you say you have two VSs and two Pools setup in QA and PROD; does that mean the port 80 VS works?
  • Abe_11636's avatar
    Abe_11636
    Icon for Cirrus rankCirrus
    Nov 20, 2012
    Yea, I checked all the config files I know.

     

    On the F5 I had set the 80 VIP first. Everything worked as it should

     

    Then once that was working. New requirement was have it SSL. We opted to leave 80 open while 443 some online.

     

     

    What would you suggest to check? F5 side or the weblogic(ohs- webcache ) side. I dont know.

     

    I saw some post enable Welogic pplugin to be checked and in F5 add WL-(something) to true

     

    But that didnt work/

     

     

    My co-worker it maybe is that the server strips ssl off/ since its ssl offloading it terminated at the F5/ Anything beyond is http.

     

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 20, 2012
    It's very possible the servers don't return https:// links, hence the suggestions around the Stream profile but didn't you say the servers were serving via SSL?

     

     

    So is it fixed?
  • Abe_11636's avatar
    Abe_11636
    Icon for Cirrus rankCirrus
    Nov 20, 2012
    Yea that irule link that Aaron helped fix it. And the OHS is open to both http and https traffic

     

    It retains the https through out site navigation.

     

     

    Thanks Steve and Aaron. Its good to go.