change respons HTTP to HTTPS

Question

Hi all,&nbsp;
&nbsp;Maybe this is an easy question. 
&nbsp;Using BigIp for SSL offload to a Exchange server. Exchange server respond with a 302 redirect and send "Location: http://whatever.se/exchange/
”&nbsp;
&nbsp;that causes client to use http instead of https.&nbsp;
&nbsp;I guess that i can replace http to https in HTTP_RESPONSE_DATA using I-rules. &nbsp;
&nbsp;Also is it possible to replace just "http://" to "https" or do I have to rewrite the hole uri.?!&nbsp;&nbsp;
&nbsp;Can someone help me whit an example?&nbsp;
&nbsp;Have a great day&nbsp;
&nbsp;Goran B&nbsp;

bl0ndie_127134 · Answer

If you need to modify just the Location header on the 302 response from 'http' to 'https', you can do that using the profile 'http redirect rewrite all'

rodney_newton_7 · Answer

I am having the same problem with OWA terminating SSL on the BigIP... as you suggested I modified the profile to "redirect rewrite all" and it now gets passed the login but when it builds the page you only see the frames. Inside the frames I am getting page cannot be displayed. Any ideas?

adamp_1519 · Answer

i am having the same issue: 
&nbsp;  
&nbsp; internet -&gt; F5/https -&gt; OWA/http .. i dont want to use a https server profile, as we run the F5-&gt;OWA connection through content inspection, so we need it clear text. 
&nbsp;  
&nbsp; what is the most efficient way to do this? 
&nbsp;  
&nbsp; passing the "FRONT-END-HTTPS: on" header doesn't seem to work with Exchange 2007. 
&nbsp;  
&nbsp; re-writing every single URI response from http-&gt;https seems computationally expensive..  
&nbsp;  
&nbsp;  
&nbsp; damn microsoft, why do they need to rewrite the entire uri, why not just the page or everything after / 
&nbsp;  
&nbsp;  
&nbsp;  
&nbsp; your link (below) gives me an access denied (after logging in) 
&nbsp; http://devcentral.f5.com/Default.aspx?tabid=29&amp;newsType=ArticleView&amp;articleId=56

adamp_1519 · Answer

I have re-written the 302-redirect, and so far OWA on Exchange 2007 seems fine. 
&nbsp;  
&nbsp;  
&nbsp; i use this fairly global rule, however i bind the irule to the webmail virtual-server only. 
&nbsp;  
&nbsp;  
&nbsp; when HTTP_RESPONSE { 
&nbsp;   if { [HTTP::is_redirect] }{ 
&nbsp;      HTTP::header replace Location "[string map {"http://" "https://"} [HTTP::header Location]]" 
&nbsp;   } 
&nbsp; }

john_keller · Answer

Good day to you all. 
&nbsp;  
&nbsp; I've had some issues with migrating a website from our Cisco CSS11500 load balancer to our shiny new LTMs.  I've migrated over 40 sites so far from the CSSes to LTMs, but this one is rather difficult.  This site is very heavy on the Javascript side, and secure.  When a specific action is launched on the site, the client attempts to send a request to a non-secure object on the page (whose browser immediately alerts them to the nonsecure object being requested).  What's more is that this doesn't occur in the CSS environment, which is most troubling.  adamp's solution above appears to have resolved this issue, with modifying the URI from http to https.  Devcentral has assisted with several other challenges that I've overcome, and I thank you all for the great wealth of knowledge shared here. 
&nbsp;  
&nbsp; -John Keller

Forum Discussion

change respons HTTP to HTTPS

5 Replies

Recent Discussions

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

Change cookie domain in HTTP::respond

HTTP to HTTPS Redirect Rewrite plus port change

How to redirect Https to Https respons ?

Change admin account

HTTP 2.0 changes everything