Archives / 2010 / October
  • Using URL Rewrite to Modify WebDAV PROPFIND Responses with BIG-IP's SSL Offloading

    I ran into an interesting situation recently where a customer was using F5's BIG-IP for SSL offloading with their web farm and they were having problems with WebDAV. Here's the details of the scenario: BIG-IP adds a proprietary FRONT-END-HTTPS: ON header to requests, and that header is ignored by IIS 7 because it's proprietary to BIG-IP. This is expected behavior, but it presented an interesting problem from a WebDAV perspective - the responses to PROPFIND requests contain XML with URLs. Since BIG-IP is performing SSL offloading, the requests use HTTPS to BIG-IP, then HTTP from BIG-IP to IIS, so the URLs in the XML of a PROPFIND response are listed using HTTP instead of HTTPS. So when a WebDAV client tries to access any of the URLs from the PROPFIND response, it's using the non-secure URL instead of the secure URL.