Archives
-
Using URL Rewrite to Modify WebDAV PROPFIND Responses with BIG-IP's SSL Offloading
I ran into an interesting situation recently where a customer was using F5's BIG-IP for SSL offloading with their web farm and they were having problems with WebDAV. Here's the details of the scenario: BIG-IP adds a proprietary
FRONT-END-HTTPS: ONheader to requests, and that header is ignored by IIS 7 because it's proprietary to BIG-IP. This is expected behavior, but it presented an interesting problem from a WebDAV perspective - the responses to PROPFIND requests contain XML with URLs. Since BIG-IP is performing SSL offloading, the requests use HTTPS to BIG-IP, then HTTP from BIG-IP to IIS, so the URLs in the XML of a PROPFIND response are listed using HTTP instead of HTTPS. So when a WebDAV client tries to access any of the URLs from the PROPFIND response, it's using the non-secure URL instead of the secure URL.