Forum Discussion

Soft_JL's avatar
Soft_JL
Icon for Nimbostratus rankNimbostratus
Nov 03, 2020

Change redirect from http to https

Hi guys,

 

Got an issue where the end webserver sends a redirect for a certain address.

 

When going direct with https to the server it sends back a redirect of https://whatever.com but when going through the F5 VIP who talks to it with plain http it returns http://whatever.com which then doesn't work.

 

Is there a way of changing this? Is it the same as the usual iRule, I tried using the built in http redirect to https but it just broke everything with an error of too many redirects on the browser

3 Replies

  • Just trying to understand your behavior 1st.

    1. You are accessing your backend application through https://serverip and it redirects with https://whatever.com
    2. You try to access via your VIP - https://vip:443 to which I believe you have a 80 pool member, since you said it talks in http. This again gives http://whatever.com 

     

    From what I can think of, your http://whatever.com is resolving to your VIP, when the traffic lands on port 80, you got the http2https irule redirect. Thus it redirects to VIP:443, but again its going on loop.

     

    1st figure who is sending the 302. Check the header Server: is it bigip or webserver.

    Then comes your solution, whether the prob is on the F5 or on the webserver, if for no reason the webserver is sending 302, then the fix should be on the server. Check with your application team, whether the app should be running on SSL or Non-SSL. Based on that fix your LTM setup.

  • Some applications servers can be configured to respond with https URLs on http ports, or to ignore http without redirecting.

    Some application servers can respond to a header

    X-Forwarded-Proto: HTTPS

     

    The question is - does the application server respond to any request on an HTTP port with a redirect to https?

    If so, then you have to use one of the methods above (if you can), or you have to set up your pool to use https (and have a server-ssl profile).