Preserve Port on HTTP Redirect
Hi Everyone:
We have an interesting issue we're trying to tackle. We have a Virtual Server with multiple virtual ports (http:80, https:443, https:4444, https:4445, etc). We currently have a working redirect script (similar to a lot of posts on here) for 80 to 443 and it is working fine for several of our virtual servers:
when HTTP_REQUEST {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
In this situation however, we have servers on the backend that are configured for multiple applications on different ports (each in separate service groups) with no discerning URI differences:
sg#1:4444 consists of
server1:4444
server2:4444
server3:4444
When hitting the Virtual Server via http on one of these non-standard ports, no redirect occurs using the above script.
"http://vip.mydomain.com:4444/someURI" should redirect to "https://vip.mydomain.com:4444/someURI"
Right now, users must explicitly specify 'https://'. Is there a reason this is happening? Does the script need to be adjusted, or is there another way to approach this via an HTTP template? Hopefully I'm explaining everything correctly.
Thanks!
Answers
I believe the issue here is that when the vPort is HTTPS, the SSL handshake must occur prior to HTTP_REQUEST event. Since the handshake doesn't occur, your aflex script never fires.
That said, I'm not coming up with a workaround with only a single vPort. If you change the vPort to HTTP, you can apply the client-ssl template, but the SSL Context is not created, so server-hello is not sent back to client.
I'll ponder this some more, but our L7 manipulation options are slim to none without the SSL handshake completing.