Forum Discussion

mlroot_62824's avatar
mlroot_62824
Icon for Nimbostratus rankNimbostratus
May 14, 2010

Rewrite rules introduces HTTPS for Weblogic

Has anyone come across this issue? We are trying to rewrite URIs to weblogic via an LTM with this rule:

 

 

when HTTP_REQUEST {

 

if { [HTTP::host] equals {f51}} {

 

HTTP::uri {http://websiteB:8040/path/}

 

}

 

}

 

 

the rewrite works fine, except that (when I analyzed it with wget) it rewrites using https instead of http. I know the common requirement is to divert http to https but I did NOT request https; http is what I have in my rule:

 

 

wget -S

 

--2010-05-14 10:01:08--

 

Resolving f51... 10.0.0.0

 

Connecting to f51|10.0.0.0|:80... connected.

 

HTTP request sent, awaiting response...

 

HTTP/1.1 302 Moved Temporarily

 

Date: Fri, 14 May 2010 16:01:08 GMT

 

Location:

 

Content-Type: text/html

 

Set-Cookie: JSESSIONID=LtzGJxBvhL7N7pBRnphPC9tCljLXzn6P1MJ0bpcbhYjk6r2Lp52P!-131925596; path=/

 

Connection: Close

 

Set-Cookie: BIGipServerpool1=753416202.17955.0000; path=/

 

Location: [following]

 

--2010-05-14 10:01:08--

 

Connecting to f5westest1|10.0.0.0|:443... connected.

 

Unable to establish SSL connection.

 

 

Any help would be appreciated.

 

 

 

  • Hi,

     

     

    Based on the iRule you've posted, I don't see how LTM could be telling the client to make a request via HTTPS. Do you have rewrite redirects enabled on the HTTP profile enabled on the VS?

     

     

    In the iRule you're rewriting the URI to an absolute version regardless of what URI the client requested. Also, you're specifying a port in the URI. This wouldn't change what IP:port LTM load balances the request to--just what the client is telling the web server it's making a request to.

     

     

    What are you actually trying to do with the URI rewrite?

     

     

    Aaron

     

     

  • Thanks for your response.

     

    Yes, I have rewrite redirects enabled.

     

    I am simply trying to hide the weblogic URI behind a simple uri

     

  • Chris_Akker_129's avatar
    Chris_Akker_129
    Historic F5 Account
    If you disable the rewrite redirects in the http profile, the LTM will not change the protocol from http to https when the response from the server is 30x. This is done in the http profile under Settings, there is a checkbox - so check to make sure this is set to None. That should solve your http to https issue.

     

     

    In version 9 and 10, the help explains this as:

     

     

    Redirect Rewrite

     

    Specifies whether the system rewrites the URIs that are part of HTTP redirect (3XX) responses. The default is None ( in Version 9.4 ).

     

     

    None: Specifies that the system does not rewrite the URI in any HTTP redirect responses.

     

     

    All: Specifies that the system rewrites the URI in all HTTP redirect responses.

     

     

    Matching: Specifies that the system the URI in any HTTP redirect responses that match the request URI.

     

     

    Nodes: Specifies that if the URI contains a node IP address instead of a host name, the system changes it to the virtual server address.

     

     

    As far as the rest of your iRule, looks like you are trying to change the Hostname. See the examples on DevCentral iRules:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules.HomePage

     

     

     

     

     

     

     

  • Thanks, Chris. That explains and takes care of the https.

     

    For the rest, I am simply trying to rewrite the URI to that of the backend server, port and path where the service is actually hosted.