Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral




Intercepting crossdomain.xml requests irule works with HTTP but not with HTTPS - please help


I made an iRule to intercept flash client requests for the crossdomain.xml file, and masked it with another xml. This all works fine with HTTP request, but when trying to add the iRule to another virtual server using HTTPS and SSL offloading i get the following:

01070394:3: HTTP_REQUEST event in rule (faceme_set_crossdomain) requires an associated HTTP or FASTHTTP profile on the virtual server (vs_dev_faceme_rtmp).

I'm a bit of a newb so please be gentle, but any help would be appreciated.

I also tried, setting an HTTP Profile in the virtual server but, client requests seemed to fall into a hole.


8 Answer(s):

Hey Steve. There's no reason the iRule shouldn't work on a SSL terminating standard Virtual Server. Two questions;

1) Are there other iRules assigned to the SSL VS?
2) Could you post the VS configuration from the CLI: tmsh list ltm virtual 'name'

Thanks Steve for your quick reply, there are no other iRules assigned to the SSL VS, and here's the VS info:


ltm virtual vs_dev_faceme_rtmp {
    ip-protocol tcp
    pool dev_rtmp
    profiles {
        dev_stream1_ssl {
            context clientside
        tcp { }
i do not think http profile is applicable.

Real Time Messaging Protocol
Is the Virtual handling RTMP traffic rather than HTTP?
Hi Yeah the rtmp session is wrapped in an ssl session actually. We are using the rtmps protocol.
OK, in which case you'll not be able to use HTTP related events. Perhaps you can post the code (suitably secured) and we can find a different way?
Here's the iRule (no problem with it being unsecured):

log local0.info "GOT REQUEST"

set crossdomain {


if { [HTTP::path] equals "/crossdomain.xml"} {

HTTP::respond 200 content $crossdomain

} else {

log local0.info "MOVING ON"



OK, so as I said, we can't use the HTTP events. Would you be able to do a tcpdump to see what the request for this resource actually looks like please? We could then probably search for it and use TCP::respond to send the response. Shame there's no built in support for RTMP.

Your answer: