8/13/2014 Document 889308.

1
https://support.oracle.com/epmos/faces/DocumentDisplay?_adf.ctrl-state=cx62kyyqe_126&id=889308.1 1/3
How To Redirect HTTP Traffic to HTTPS On A BIG-IP F5 Load Balancer (Doc ID 889308.1)
In this Document
Goal
Solution
References
APPLIES TO:
Oracle Applications Technology Stack - Version: 11.5.10.0 to 12.1.1 - Release: 11.5 to 12.1
Information in this document applies to any platform.
GOAL
How do you redirect HTTP traffic to HTTPS traffic when running a BigIp F5 Load Balancer?
Lets use a case history for better understanding.
You currently have a multi node middle tier setup configured with a F5 load balancer. Your application is currently
running on port 8000. Your current login url: is http://bigipvirtualserver.yourdomain.com:8000
You have now decided to implement SSL acceleration/termination so that SSL requests are offloaded to the BigIp. This
means you need to configure your BigIp virtual server to listen on a SSL port such as 443.
This in effect means your login url or entry point will become:
https://bigipvirtualserver.yourdomain.com:443
You may decide that you want to preserve the original URL http://bigipvirtualserver.yourdomain.com:8000
as users are used to this url and may have it bookmarked.
As such, you want to redirect traffic from the original URL to the new URL so the change to end users is transparent.
There may be other reasons why you want to achieve this. Read below for how it's achieved
SOLUTION
Steps (performed on the load balancer)
1. Create an irule on the load balancer as follows
Navigation: Local traffic - iRules
This defines the iRule. Note: you do not assign this to a virtual server
when HTTP_REQUEST {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
8/13/2014 Document 889308.1
https://support.oracle.com/epmos/faces/DocumentDisplay?_adf.ctrl-state=cx62kyyqe_126&id=889308.1 2/3
2a. Create another irule on the load balancer
# Apply this rule to an HTTP virtual server and
# it will redirect any HTTP requests to HTTPS
when HTTP_REQUEST {
HTTP::redirect https://bigipvirtualserver.yourdomain.com
}
where https://bigipvirtualserver.yourdomain.com is your virtual server url i.e. your current entry point
This rule will redirect any URL request which is non-SSL to the document root of the server in SSL mode
e.g. http://bigipvirtualserver.yourdomain.com/dir/somefile.html will be redirected to
https://bigipvirtualserver.yourdomain.com
If you wish to preserve the URL entered by the user but simply switch protocols to HTTPS then implement option 2b
instead of 2a
2b.
# Apply this rule to an HTTP virtual server and
# it will redirect any HTTP requests to HTTPS
when HTTP_REQUEST {
if { [TCP::local_port] == 80 }{
HTTP::redirect "https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
}
}
3. Create a new virtual server on the same IP as the existing virtual server.
Assign the port you want the server to listen on (this would be 8000 in the above example)
Assign a default http profile to the new virtual server
Assign irule number 2 above to the new virtual server. Only 1 iRule is assigned, that being the one created in step 2.
The 1st iRule we created only defines the rule
4. Now Any request to http on port 8002 should now redirect to https on port 443
e.g. requests to http://bigipvirtualserver.yourdomain.com:8000 will redirect to
https://bigipvirtualserver.yourdomain.com:443
REFERENCES
8/13/2014 Document 889308.1
https://support.oracle.com/epmos/faces/DocumentDisplay?_adf.ctrl-state=cx62kyyqe_126&id=889308.1 3/3
NOTE:727171.1 - Implementing Load Balancing On Oracle E-Business Suite - Documentation For Specific Load Balancer
Hardware