http to https rewrite serverside
Hello,
Been beating my brain trying to figure this one out (looking at a plethora of examples as well to no avail). In a nutshell here is what we have and what I'm trying to accomplish.
I have a virtual server setup to listen on all ports (wildcard port). This VS (virtual server) will take a client request and direct it to a specific node (web/app server) on the port it came in on. Also we are doing SSL offloading on the F5 (all data must be encrupted due to the sensitity of the data). I am also interrogating the header in the way in to the F5 to make a determination for which server showuld get this traffic. Here is the simple iRule to do this so far. By the way the iRule works fine until the server responds with a http back to the client (I'll explain below).
when HTTP_REQUEST {
set lower_host [string tolower [HTTP::host]]
set local_port [TCP::local_port]
switch -glob $lower_host {
"sqrt1.*" {
node 10.195.17.130 $local_port }
"sqrt2.*" {
node 10.195.17.131 $local_port }
"sqrt3.*" {
node 10.195.17.132 $local_port }
"sqrt4.*" {
node 10.195.17.133 $local_port }
"sqrt5.*" {
node 10.195.17.134 $local_port }
}
}
An example flow would be a client coming into the VS with the following URI "https://sqrt1.somedomain.com:9010". Our intent is to perform SSL offload and then direct that traffic to node 10.195.17.130 over port 9010. That all works great until the server responds back to the client using absolute paths with a response looking like this "http:sqrt1.somedomain.com:9010". The server is not aware of the offloading so it incorrectly inserts http: on the way back to the client.
I am hoping to somehow check that (http: inserted) on the way back to the client and hopefully be able to do a rewrite on the fly. I thought about trying to trap this on the way into the F5 but it appears to be problematic since the traffic is coming in a high port (9XXX) and is not using SSL at that point (where the F5 is set to use SSL). Is there a way to check and rewite on the way from the server back to the client?
Thanks.
Paul M.