Filter by:
  • Solution
  • Technology

answers

Intercepting crossdomain.xml requests irule works with HTTP but not with HTTPS - please help

Updated 1/17/2013 • Originally posted on 16-Jan-2013 by Steve Kelly 0

Hi

I made an iRule to intercept flash client requests for the crossdomain.xml file, and masked it with another xml. This all works fine with HTTP request, but when trying to add the iRule to another virtual server using HTTPS and SSL offloading i get the following:

01070394:3: HTTP_REQUEST event in rule (faceme_set_crossdomain) requires an associated HTTP or FASTHTTP profile on the virtual server (vs_dev_faceme_rtmp).

I'm a bit of a newb so please be gentle, but any help would be appreciated.

I also tried, setting an HTTP Profile in the virtual server but, client requests seemed to fall into a hole.

 

0
Rate this Question

Answers to this Question

8 Answers:

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Jan-2013 • Originally posted on 17-Jan-2013 by What Lies Beneath 6427

Hey Steve. There's no reason the iRule shouldn't work on a SSL terminating standard Virtual Server. Two questions;

1) Are there other iRules assigned to the SSL VS?
2) Could you post the VS configuration from the CLI: tmsh list ltm virtual 'name'

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Jan-2013 • Originally posted on 17-Jan-2013 by Steve Kelly 0

Thanks Steve for your quick reply, there are no other iRules assigned to the SSL VS, and here's the VS info:

 

ltm virtual vs_dev_faceme_rtmp {
    destination 123.100.113.198:https
    ip-protocol tcp
    mask 255.255.255.255
    pool dev_rtmp
    profiles {
        dev_stream1_ssl {
            context clientside
        }
        tcp { }
    }
}
 
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Jan-2013 • Originally posted on 17-Jan-2013 by nitass 12650
i do not think http profile is applicable.

Real Time Messaging Protocol
http://en.wikipedia.org/wiki/Real_Time_Messaging_Protocol
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 18-Jan-2013 • Originally posted on 18-Jan-2013 by What Lies Beneath 6427
Is the Virtual handling RTMP traffic rather than HTTP?
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 20-Jan-2013 • Originally posted on 20-Jan-2013 by Steve Kelly 0
Hi Yeah the rtmp session is wrapped in an ssl session actually. We are using the rtmps protocol.
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 21-Jan-2013 • Originally posted on 21-Jan-2013 by What Lies Beneath 6427
OK, in which case you'll not be able to use HTTP related events. Perhaps you can post the code (suitably secured) and we can find a different way?
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 21-Jan-2013 • Originally posted on 21-Jan-2013 by Steve Kelly 0
Here's the iRule (no problem with it being unsecured):

when HTTP_REQUEST {
log local0.info "GOT REQUEST"

set crossdomain {






}

if { [HTTP::path] equals "/crossdomain.xml"} {

log local0.info "CAUGHT CROSSDOMAIN REQUEST"
HTTP::respond 200 content $crossdomain
HTTP::release

} else {

log local0.info "MOVING ON"

return

}

}
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 22-Jan-2013 • Originally posted on 22-Jan-2013 by What Lies Beneath 6427
OK, so as I said, we can't use the HTTP events. Would you be able to do a tcpdump to see what the request for this resource actually looks like please? We could then probably search for it and use TCP::respond to send the response. Shame there's no built in support for RTMP.
;