Forum Discussion

Pank1984_270974's avatar
Pank1984_270974
Icon for Nimbostratus rankNimbostratus
Jun 06, 2017

Redirection issues

Hello Experts, I am new to LTM and have a scenario to discuss and take your expert help.

 

We are deploying an application and want to leverage F5 as a reverse proxy. The application has two servers and each server represents different URL, we intend to resolve both the URLs to single IP address from internet.

 

Servers are listening on different ports. Application team wants it to listen on https and want to offload SSL to ADC. Till here we have created a VIP listening on tcp/443 and referenced a pool of servers listening on different port TCP/1200. We have created client-ssl profile and imported certificate so HTTPs just works fine.

 

application delivery
iRules
LTM

4 Replies

Sort By
  • Pank1984_270974's avatar
    Pank1984_270974
    Icon for Nimbostratus rankNimbostratus
    Jun 06, 2017

    Here are the requirements.

     

    • We are testing the application with single URL once its working we will put the above irule in place for both URLs. However we see lots of challenges now.

       

      1. When we try the URL https://test.com from the internet, we get login page, after log into the application immediately we get redirected to http://test.com:1200 and page can not be displayed, however when we remove the port number and replace http with https the page loads well. Here i am stuck what i can do from F5 perspective another irule..!

         

      2. Further when we go click on applications inside of the page, we get the below error.

         

    "The page at was iquery loaded over HTTPS, but requested an insecure endpoint '...)'. This request has been blocked; the content must be served over HTTPS."

     

    I have gone through multiple KBs on devcentral and have seen there would be http and stream profile to get it fixed but could not get one to check and how to apply a stream profile.

     

    Please advice, thanks in advance.

     

  • Pank1984_270974's avatar
    Pank1984_270974
    Icon for Nimbostratus rankNimbostratus
    Jun 06, 2017
    • From F5 perspective we can leverage irules to send the traffic for different URLs to different pools while on a single VIP. I am going to put the below irule.

    URLs.- https://test.com && https://testapp.com

     

    iRule:- when HTTP_REQUEST { if { [HTTP::uri] contains "test" } { pool test-1200 } else { pool testapp-12001 } }

     

  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for MVP rankMVP
    Jun 06, 2017

    The URLs you've shared - https://test.com && https://testapp.com

    But your Irule is of URI. Refer WIKI.

    Eg: https://[HTTP::host][HTTP::uri]"

    So you should be capturing the host instead of URI.

    when HTTP_REQUEST {
    switch [string tolower [HTTP::host]] {
        "test.com " {
            pool test_pool
        }
        "testapp.com" {
            pool testapp_pool
        }
    }
}

    Your requirement is still not clear because of alignment. Not sure, but you may wanna be using 

    SNI feature
    .

  • dragonflymr's avatar
    dragonflymr
    Icon for Cirrostratus rankCirrostratus
    Jun 07, 2017

    Hi,

     

    Hard to say what is exact cause of the problem. Starting point is to capture traffic on client and see what exact response are.

     

    If I can recall HTTP profile has option for redirect rewrite - never used it - but maybe it's worth checking.

     

    Piotr