Forum Discussion

Eric_Kolb_27656's avatar
Icon for Nimbostratus rankNimbostratus
Apr 03, 2012

Protecting an HTTP AAA with SSL

We've got an HTTP\Basic AAA server and I'm having some trouble getting it off the ground in an access profile. Since the APM doesn't support setting up that AAA server pointed at an HTTPS source, we need to set up a layered virtual server, but the particulars of it are eluding me.



What we've got set up right now is a standard virtual server on port 80 the same IP as the 443 service. The 80 service is not assigned a pool. We've attached an iRule to redirect connections to the HTTPS version, but that causes a problem with the access profile.



When the user submits any credentials at all, the web page serving as the AAA returns a 302 over port 80. Since it's an HTTP/Basic and the response isn't a 401, the APM interprets this as a successful attempt.



How do we configure the virtual server on port 80 so we can get the benefit of HTTPS?


1 Reply

  • I've tried changing it from an HTTP\Basic page to one responding to POST data. When the AAA is pointed directly at it, it works fine. When it's being redirected through an iRule, it does not respond appropriately to 301, 302, or 307 status codes. When the target URI is a POST site, it doesn't seem to repost the form to the location specified in the status code. This is true whether the target URI is HTTP or HTTPS.



    What am I missing here, or is the HTTP AAA support just broken?