ssl offloading for microsoft TFS
Hello
i'm trying to implement ssl offloading for Microsoft Team Foundation Server (TFS) application, currently it's working over http 8080, so i created a virtual server with tcp, http & client ssl profile only (Client -- ssl:8080 --> F5 -- http:8080 --> TFS:8080), but it's not working.
I found that first four requests are sent by google chrome over https:8080 but the rest of requests around 70 requests (js & css) is over http:8080!, i used the dev tool to check the issue it was blocked by chrome because mixed contents is blocked by default, i allowed it but still not working because F5 is expecting ssl traffic not clear text, to overcome this issue i configured new http VS with redirect irule (http to https), but i got another error which is "too many redirects".
how to solve this issue & why google chrome is behaving like that, sending clear text request after the first request, maybe the server is send instructions to the client to use http?
irule workaround (too many redirects)
when HTTP_REQUEST {
HTTP::redirect https://[getfield [HTTP::host] ":" 1]:8080[HTTP::uri]
}
first request:
request headers:
Request URL: https://tfsapp:8080/tfs/DefaultCollection/Jakss%20Ticket%20System/_workitems/edit/78757
Request Method: GET
Status Code: 200 OK
Remote Address: 192.168.20.110:8080
Referrer Policy: strict-origin-when-cross-origin
response headers:
ActivityId: 5fba6c55-c70e-4e16-bb79-ca542327a100
Cache-Control: public, no-store, max-age=0
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 28 Oct 2021 11:31:20 GMT
Expires: Thu, 28 Oct 2021 11:31:21 GMT
Last-Modified: Thu, 28 Oct 2021 11:31:21 GMT
Lfs-Authenticate: NTLM
P3P: CP="CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR LOC CNT"
Persistent-Auth: true
Transfer-Encoding: chunked
Vary: *
WWW-Authenticate: Negotiate oYGyMIGvoAMKAQChCwYJKoZIgvcSAQICooGaBIGXYIGUBgkqhkiG9xIBAgICAG+BhDCBgaADAgEFoQMCAQ+idTBzoAMCAReibARqcnP7VnRAy2Y9a8LtnH/YImA1Y6pfoH1Sl/DGvqBxo1lCn4bMJi91Gi5YjuUMT59dmSYbLAMd0NKnkHFGs7oSTRl6S8t2hfk/YxDWyB3twFrDMpjF4mgwOL8Oqipvo+doMWhIjIjOEOckRg==
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-TFS-ProcessId: a5fdd0f9-0e98-4894-8c84-0d0c73345cb7
X-TFS-Session: 5fba6c55-c70e-4e16-bb79-ca542327a100
X-VSS-E2EID: 5fba6c55-c70e-4e16-bb79-ca542327a100
X-VSS-UserData: 7e4446cd-b2d6-4b4a-8929-107b9ad7bc9c:m.abcd
Next requests: (clear http)
Before allowing mixed content
After allowing mixed content
Thanks,
Mohanad