Abdul_Ghani_Eli
Dec 13, 2006

Https redirection

Hi,

Can someone advise me on an issue I have regarding HTTPS redirection? Currently I'm using the iRule below to do it:

    rule http_redirect {
        when HTTP_REQUEST {
            # Send every plain-HTTP request to the same host and URI over HTTPS
            HTTP::redirect https://[HTTP::host][HTTP::uri]
        }
    }

But when the user accesses the intended site, a pop-up appears saying "You are about to be redirected to a connection that is not secure".

Is there a way to keep the notification pop-up from appearing?

Thanks

6 Replies

  • It sounds like your initial redirect is working but then the server itself is sending additional redirects back to the client using http:// instead of https://. You can either modify your application to send back the correct https:// redirects (preferred), or you can try using the Rewrite Redirects function of the http profiles (Click here).

    Also, stream profiles can accomplish the same thing. Click here for information on those (you would just want to replace all instances of http:// with https://).

    Hope that helps,

    Denny
  • One thing to keep in mind is that your iRule will only redirect as long as the user agent (browser) supplies an HTTP host header. If not, the LTM will not return a valid redirect - the link will be more along the lines of "http:///[URI]". This probably isn't going to be a big deal most of the time, but it pays to be thorough. Here's what I did:

        when HTTP_REQUEST {
            if { [ string length [ HTTP::host ] ] > 0 } {
                HTTP::redirect "https://[HTTP::host][HTTP::uri]"
            } else {
                HTTP::redirect "https://[IP::local_addr][HTTP::uri]"
            }
        }

    So if the HTTP host header is not supplied, we at least redirect them to the IP of the virtual server to which they are currently connected. There may be better ways to do this, but this has been working great for me.

    Thanks,

    Nathan

  • Thanks guys. Let me give it a shot. I was thinking that the problem lies in the browser (client) settings.

  • It didn't work. I still get the security alert pop-up. The message is "You are about to be redirected to a connection that is not secure. The information you are sending to the current site might be retransmitted to a non secure site. Do you wish to continue?"

    Any ideas?
  • You could try installing a browser plugin to log the web app's responses to see exactly what insecure content the client is requesting to cause the browser warning. If it's a redirect, the rewrite redirects option on the HTTP profile should prevent this. If it's an absolute reference to HTTP content, you would want to use a stream profile to rewrite the reference to HTTPS.

    You can use IEwatch or HTTPwatch for IE, or LiveHttpHeaders for Firefox to view the exact communication on the browser.

    Aaron
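The triage described in the reply above can be scripted once a response has been captured. This is an added example, not code from the thread: it classifies a raw HTTP response as either a redirect to http:// (the Rewrite Redirects case) or a page with absolute http:// references (the stream profile case). The function name `audit_response` and both sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample responses (not captured from the site in the thread).
SAMPLE_REDIRECT = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://www.test.com/login\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_PAGE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n\r\n"
    '<form action="http://www.test.com/post"><img src="https://www.test.com/a.png"></form>'
)

# Absolute http:// URLs in the attributes that most often trigger the warning.
ABSOLUTE_HTTP = re.compile(r'''(?:href|src|action)\s*=\s*["'](http://[^"']+)''', re.I)

def audit_response(raw):
    """Return (kind, url, suggested_fix) findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    location = headers.get("location", "")
    # A 3xx whose Location is absolute http:// sends the browser back to plain HTTP.
    if 300 <= status < 400 and urlsplit(location).scheme.lower() == "http":
        findings.append(("redirect", location, "Rewrite Redirects on the HTTP profile"))
    # Absolute http:// references in the body are not touched by redirect rewriting.
    for url in ABSOLUTE_HTTP.findall(body):
        findings.append(("reference", url, "stream profile rewriting http:// to https://"))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_REDIRECT, SAMPLE_PAGE):
        for finding in audit_response(sample):
            print(finding)
```

Relative redirects such as `Location: /login` produce no finding, since the browser stays on the HTTPS connection for those.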
  • You have to configure the SSL profile (client) under the VIP for that website. You can do this by either purchasing one, or using the system supplied one.

    The way we use this function is by creating two VIPs, one for connections to port 80, then one to port 443. We associate our SSL certificate to the VIP with port 443. Here is how it works for us.

    1) Create a VIP with port 80.
       a. Name: www.test.com
       b. IP address: 192.168.100.5
       c. Port 80

    2) Create an iRule to redirect. The iRule you have should redirect the connection.

    3) Associate the iRule with the www.test.com VIP.

    4) Create a VIP with port 443.
       a. Name: www.test.com_SSL
       b. IP address: 192.168.100.5
       c. Port 443

    5) Under Configuration, SSL Profile (client), associate a system supplied SSL certificate, or purchase an SSL certificate and load it on the LTM.

    I think the reason you're getting that message is because you have no SSL certificate installed for that site. Anytime you have HTTPS traffic, you should supply an SSL certificate for it. Being that your VIP is set to port 80, you don't want the certificate associated with that one. So you create the VIP with port 443, same IP address, to associate the SSL certificate to. Let me know if this helps.