Forum Discussion

Ian_Upton_39258
May 28, 2008

HTTPS re-direction debug

Gentlefolk,

I wish to perform a redirect from an HTTP virtual server which terminates the SSL to an HTTPS server with a client and server SSL profile (encrypted all the way to the server). I have used code along the following lines:

    when HTTP_REQUEST {
        # Redirect any request whose URI ends in "ME" to the HTTPS virtual server
        if { [HTTP::uri] ends_with "ME" } {
            HTTP::redirect "https://10.200.132.121[HTTP::uri]"
        }
    }

Logging shows that the URI is picked.

The client browser displays "page not found", a sniffer trace does not show any communication from the client to the redirected address 10.200.132.121.

If I make the redirect virtual server (10.200.132.121) terminate the client SSL I see the redirect on the sniffer trace and the browser is redirected to the new page. It all works!!!!!!

How can I debug what is received/processed/whatever on the client PC and browser?????

Any help appreciated, Ian.

2 Replies

  • Do you have two VIPs created? One on http and one on https for 10.200.142.121? And you're saying that the redirect works if the HTTPS virtual server is decrypting the traffic? But it fails when there isn't a client and server SSL profile assigned to the VIP? If the above is accurate, I would guess there is some kind of issue with the HTTPS virtual server. When you remove the client and server SSL profiles, are you also removing the HTTP profile? If not, this would cause a connection failure. Can you post the https VIP configuration from the bigip.conf (or run 'b virtual VIP_NAME list') when it's not working?

    You can use LiveHttpHeaders for Firefox or Fiddler for IE to see what the client is sending/receiving. To add logging to the iRule, you can use the log statements. Output for local0.* is written to /var/log/ltm by default. You can view this in the GUI under System >> Logs >> Local Traffic or by running 'tail -f /var/log/ltm'.

     
     when HTTP_REQUEST {
        log local0. "[IP::client_addr]:[TCP::client_port]: Request to [IP::local_addr]:[TCP::local_port] for [HTTP::uri]"
        if { [HTTP::uri] ends_with "ME" } {
           log local0. "[IP::client_addr]:[TCP::client_port]: matched ME, redirecting to https://10.200.132.121[HTTP::uri]"
           HTTP::redirect "https://10.200.132.121[HTTP::uri]"
        }
     }
     

    Aaron
  • Gentlefolk,

    Managed to get an SSL debug tool.

    Whoops, an addressing stupidity way back in the iRule.

    All works.

    Ian
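
For the client-side question in this thread, a header capture from a tool such as LiveHttpHeaders or Fiddler can be checked mechanically against what the iRule is meant to send. The following is an added example, not code from any poster in the thread; the function name, the sample captures and the mistyped address in `BAD` are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def check_redirect(raw_response, request_uri, expected_host):
    """Return a list of problems in a captured redirect response (empty list = OK)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return ["malformed status line: %r" % lines[0]]
    problems = []
    status = int(parts[1])
    if status not in REDIRECT_CODES:
        problems.append("status %d is not a redirect" % status)
    # Header names are case-insensitive, so normalise them before lookup.
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    location = headers.get("location")
    if location is None:
        return problems + ["no Location header"]
    target = urlsplit(location)
    if target.scheme != "https":
        problems.append("Location scheme is %r, expected https" % target.scheme)
    if target.hostname != expected_host:
        problems.append("Location host is %r, expected %r"
                        % (target.hostname, expected_host))
    # The iRule appends [HTTP::uri] unchanged, so path and query must survive.
    uri = target.path + ("?" + target.query if target.query else "")
    if uri != request_uri:
        problems.append("Location URI is %r, expected %r" % (uri, request_uri))
    return problems

# Constructed captures: GOOD matches the iRule, BAD carries a mistyped address.
GOOD = ("HTTP/1.0 302 Found\r\nLocation: https://10.200.132.121/app/ME\r\n"
        "Connection: close\r\nContent-Length: 0\r\n\r\n")
BAD = ("HTTP/1.0 302 Found\r\nLocation: https://10.200.132.212/app/ME\r\n"
       "Connection: close\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for name, capture in (("good", GOOD), ("bad", BAD)):
        print(name, check_redirect(capture, "/app/ME", "10.200.132.121") or "OK")
```

If the capture passes but the browser still fails, the redirect itself is correct and the problem is on the HTTPS virtual server side, which is where the SSL profile and VIP configuration questions in the first reply apply.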