Hi, I'm trying to redirect https://xyz.com to https://xyz.com:9443 but for some reason I'm getting an error (too many redirect clear your cookies). In order for this redirect to happen I know that traffic needs to be decrypted first and then re-encrypted and sent encrypted to the final destination. VIP_443; IP:10.10.10.10; SSL Profile (Client) - Wildcard cert; Pool: no; Irule: yes; Source Address Translation (none) VIP_9443; IP:10.10.10.10; SSL Profile (Clinet): none; Pool_9443; Source Address Translation(AutoMap); Irule: none when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":9443" 1][HTTP::uri] } Thanks in Advance

Once the HTTPS session is built, there won't be any possibility of seeing the traffic unless it gets decrypted. Then the redirection should be pointed at port 443 on the HTTP VIP. So it appears, you will have to create three VIPs in the following fashion. VIP:80 ; VIP:443 ; VIP:9443 ; Traffic would hit on 443, get decrypted on 80 and then again get encrypted for 9443. Please let me know how it goes.

Amy this is not correct. The traffic on the 443 virtual server is decrypted with the cert as shown by client SSL.

HTTPS to HTTPS:9443 redirect

16 Replies

Kevin_Davies

MVP

Oct 18, 2017

Try this and see if it helps...

when HTTP_REQUEST { 
    HTTP::redirect "https://[getfield [HTTP::host] {:} 1]:9443[HTTP::uri]" 
}

Amy003_314955
Cirrus
Oct 20, 2017
Once the HTTPS session is built, there won't be any possibility of seeing the traffic unless it gets decrypted. Then the redirection should be pointed at port 443 on the HTTP VIP. So it appears, you will have to create three VIPs in the following fashion.

VIP:80 ; VIP:443 ; VIP:9443 ;

Traffic would hit on 443, get decrypted on 80 and then again get encrypted for 9443. Please let me know how it goes.
- Kevin_Davies_33
  Nimbostratus
  Oct 20, 2017
  Amy this is not correct. The traffic on the 443 virtual server is decrypted with the cert as shown by client SSL.
- Amy003_314955
  Cirrus
  Oct 23, 2017
  Hi Kevin,
  ¬†
  
  I have tested the irule config and it did not work. Also, I referred the dev central link which is - https://https://devcentral.f5.com/s/feed/0D51T00006i7SQhSAM.
  ¬†
  
  Please go through Deb Allen's comments on this link.
  ¬†
- Kevin_Davies
  MVP
  Oct 23, 2017
  Amy,
  
  We have two distinct virtual servers, no wildcards. We are redirecting https to https. The original post indicates we want to redirect from 443 to 9443. If you apply my iRule above to the first virtual server it will decrypt the client traffic then send a 302 redirect to the client to the same destination on port 9443 using https. The client will then follow that redirect and establish a new connection to port 9443 and the traffic will continue on to the pool member.
  
  Please can you explain to me where the problem is?
Amresh008
Nimbostratus
Oct 20, 2017
Once the HTTPS session is built, there won't be any possibility of seeing the traffic unless it gets decrypted. Then the redirection should be pointed at port 443 on the HTTP VIP. So it appears, you will have to create three VIPs in the following fashion.

VIP:80 ; VIP:443 ; VIP:9443 ;

Traffic would hit on 443, get decrypted on 80 and then again get encrypted for 9443. Please let me know how it goes.
- Kevin_Davies_33
  Nimbostratus
  Oct 20, 2017
  Amy this is not correct. The traffic on the 443 virtual server is decrypted with the cert as shown by client SSL.
- Amresh008
  Nimbostratus
  Oct 23, 2017
  Hi Kevin,
  
  I have tested the irule config and it did not work. Also, I referred the dev central link which is - https://devcentral.f5.com/questions/need-help-with-redirect-https-to-http.
  
  Please go through Deb Allen's comments on this link.
- Kevin_Davies
  MVP
  Oct 23, 2017
  Amy,
  
  We have two distinct virtual servers, no wildcards. We are redirecting https to https. The original post indicates we want to redirect from 443 to 9443. If you apply my iRule above to the first virtual server it will decrypt the client traffic then send a 302 redirect to the client to the same destination on port 9443 using https. The client will then follow that redirect and establish a new connection to port 9443 and the traffic will continue on to the pool member.
  
  Please can you explain to me where the problem is?
Amresh008
Nimbostratus
Oct 20, 2017
Once the HTTPS session is built, there won't be any possibility of seeing the traffic unless it gets decrypted. Then the redirection should be pointed at port 443 on the HTTP VIP. So it appears, you will have to create three VIPs in the following fashion.

VIP:80 ; VIP:443 ; VIP:9443 ;

Traffic would hit on 443, get decrypted on 80 and then again get encrypted for 9443. Please let me know how it goes.
- Kevin_Davies_33
  Nimbostratus
  Oct 20, 2017
  Amy this is not correct. The traffic on the 443 virtual server is decrypted with the cert as shown by client SSL.
- Amresh008
  Nimbostratus
  Oct 23, 2017
  Hi Kevin,
  
  I have tested the irule config and it did not work. Also, I referred the dev central link which is - https://devcentral.f5.com/questions/need-help-with-redirect-https-to-http.
  
  Please go through Deb Allen's comments on this link.
- Kevin_Davies
  MVP
  Oct 23, 2017
  Amy,
  
  We have two distinct virtual servers, no wildcards. We are redirecting https to https. The original post indicates we want to redirect from 443 to 9443. If you apply my iRule above to the first virtual server it will decrypt the client traffic then send a 302 redirect to the client to the same destination on port 9443 using https. The client will then follow that redirect and establish a new connection to port 9443 and the traffic will continue on to the pool member.
  
  Please can you explain to me where the problem is?

Forum Discussion

HTTPS to HTTPS:9443 redirect

16 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

HTTP To HTTPS Redirect 301

Anchor Link Redirect

Http redirection

HTTP URI Replace/Redirect

HTTP POST redirect preserving POST data