Options
Wordpress SSL Issue
Good morning!
I had a question regarding an issue our web developer team was having at our university. Apparently, they are having trouble with SSL when they require users to connect to their Wordpress Server. Their server is behind our load-balancer doing SSL offloading, and as such they've now requested that our AX-3030 let the Wordpress server know which protocol (HTTP or HTTPS). From some scrounging around, I found out that the way to do this is using the HTTP_X_FORWARDED_PROTO variable. So now I want to create an aFlex script to implement this, and I was wondering if what I have written here is correct (NOTE: These examples came from an F5 iRule, so I was wondering if would translate to the A-10 aFlex?)
when HTTP_REQUEST {
HTTP::header insert X-Forwarded-Proto https
}
when HTTP_REQUEST {
HTTP::header insert X-Forwarded-Proto http
}
So basically, if the user came in on HTTP, let the Wordpress Server know that in the X-Forwarded-Proto field (Same with HTTPS). The web developers have configured their Wordpress server to look for this X-Forwarded-Proto field.
So my question is whether the script I have written above will work?
Thank you
Ehsan
I had a question regarding an issue our web developer team was having at our university. Apparently, they are having trouble with SSL when they require users to connect to their Wordpress Server. Their server is behind our load-balancer doing SSL offloading, and as such they've now requested that our AX-3030 let the Wordpress server know which protocol (HTTP or HTTPS). From some scrounging around, I found out that the way to do this is using the HTTP_X_FORWARDED_PROTO variable. So now I want to create an aFlex script to implement this, and I was wondering if what I have written here is correct (NOTE: These examples came from an F5 iRule, so I was wondering if would translate to the A-10 aFlex?)
when HTTP_REQUEST {
HTTP::header insert X-Forwarded-Proto https
}
when HTTP_REQUEST {
HTTP::header insert X-Forwarded-Proto http
}
So basically, if the user came in on HTTP, let the Wordpress Server know that in the X-Forwarded-Proto field (Same with HTTPS). The web developers have configured their Wordpress server to look for this X-Forwarded-Proto field.
So my question is whether the script I have written above will work?
Thank you
Ehsan
Tagged:
0
Comments
applied to HTTPS Vport
when HTTP_REQUEST {
HTTP::header insert isSecure "YES"
}
applied to HTTP vPort
when HTTP_REQUEST {
HTTP::header insert isSecure "NO"
}
Hope this helps!
I do not want to use the xFF header though Jack, I know that the X-Forwarded-For does pass the client IP, however there is an X-Forwarded-Proto header that passes along the protocol type that traffic is hitting our load-balancer on (http://en.wikipedia.org/wiki/List_of_HTTP_header_fields, in second section titled "Common non-standard request headers"). This is what I want to use (I would use your example Jack, but our Web Developers have specifically set up their Wordpress to search for this specific header)
Will the A-10 recognize X-Forwarded-Proto? And is my syntax correct? Thanks!
Here's the wireshark output for the test.
GET / HTTP/1.1
Host: 10.0.1.17
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
DNT: 1
Connection: keep-alive
X-Forwarded-Proto: http
You can also do this with http templates natively. Here's an example where I create two templates with each being applied to different virtual server ports.
slb template http app_temp_http
request-header-insert X-forwarded-Proto:http insert-if-not-exist
slb template http app_temp_https
request-header-insert X-forwarded-Proto:https insert-if-not-exist
slb virtual-server www.app.com_v1 10.0.1.17
port 80 http
name _10.0.1.17_HTTP_80
template http app_temp_http
port 443 https
name _10.0.1.17_HTTPS_443
template http app_temp_https
Again, thank you so much!
Ehsan