centur_140148
May 20, 2015

Problems with local traffic policies while using http-uri scheme or port conditions

A local traffic policy rule does not work:

I inserted a new local traffic policy:

  • requires: http
  • controls: forwarding

Then I added a policy rule with:

Operand:http-uri Event:request Selector:scheme Condition:equals Values:http

That rule does not fire. Additionally, modifying the rule to use port with value 80 does not work either.

Another rule:

Operand:http-host Event:request Selector:Port Values:80

does not work either.

But if I use another Selector like http-uri -> path or so, that works.

F5 Version: 11.5.1

What is wrong? Is that functionality not yet implemented?

4 Replies

  • The condition part in bigip.conf looks like this:

            conditions {
                0 {
                    http-uri
                    scheme
                    values { http }
                }
            }
    

    I discovered that none of http-uri -> all, scheme, port, host is working as expected.

    On top, the policy control "tcp" seems not to work either: I selected the tcp control and then tried to define a condition like tcp -> Port 80 -> do something.

    • Peter_Baumann_5
      "I discovered that none of http-uri -> all, scheme, port, host is working as expected." -> I can confirm that this is also NOT working with v11.6.0 HF4
    • Peter_Baumann
      I figured out more on this. Check out the following link: http://www8.org/w8-papers/5c-protocols/key/key.html under "Internet address conservation". In HTTP/1.1 a Host-Header is a MUST; in HTTP/1.0 a Host-Header is a MAY. So you're only able to use the http-host operand when it is HTTP/1.1; when it is HTTP/1.0 it MAY not work ;-)
  • I understand http-uri's scheme is for proxy requests.

     configuration
    
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:80
        ip-protocol tcp
        mask 255.255.255.255
        policies {
            cpm1 { }
        }
        profiles {
            http { }
            tcp { }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 18
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool proxyp
    ltm pool proxyp {
        members {
            172.28.24.1:3128 {
                address 172.28.24.1
            }
        }
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm policy cpm1
    ltm policy cpm1 {
        controls { forwarding }
        requires { tcp http }
        rules {
            rule1 {
                actions {
                    0 {
                        forward
                        select
                        pool proxyp
                    }
                }
                conditions {
                    0 {
                        http-uri
                        scheme
                        values { http }
                    }
                }
                ordinal 1
            }
        }
        strategy first-match
    }
    
     trace
    
    [root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80 or port 3128
    New TCP connection 1: 192.168.206.117(50517) <-> 172.28.24.10(80)
    1433405981.6632 (0.0036)  C>S
    ---------------------------------------------------------------
    GET http://www.starbucks.com/ HTTP/1.1
    Host: www.starbucks.com
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    
    ---------------------------------------------------------------
    
    New TCP connection 2: 172.28.24.14(50517) <-> 172.28.24.1(3128)
    1433405981.6648 (0.0014)  C>S
    ---------------------------------------------------------------
    GET http://www.starbucks.com/ HTTP/1.1
    Host: www.starbucks.com
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    
    ---------------------------------------------------------------
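
Added example (not part of any post in this thread, and not F5's implementation): a small Python parser that reports which URI components are literally present in a request head, comparing the absolute-form request line seen in the trace above with an ordinary origin-form request and an HTTP/1.0 request without a Host header. The function name `request_target_parts` and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample requests (not captured traffic).
PROXY_REQ = b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
ORIGIN_REQ = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
HTTP10_REQ = b"GET /index.html HTTP/1.0\r\n\r\n"


def request_target_parts(raw_request: bytes) -> dict:
    """Report which URI components are literally present in a request head."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())

    parts = {"form": None, "scheme": None, "host": None, "port": None,
             "path": None, "version": version,
             "host_header": headers.get("host")}
    if target == "*":                       # e.g. OPTIONS * HTTP/1.1
        parts["form"] = "asterisk"
    elif method == "CONNECT":               # authority-form: host:port only
        host, _, port = target.rpartition(":")
        parts.update(form="authority", host=host, port=int(port))
    elif target.startswith("/"):            # origin-form: path and query only
        parts.update(form="origin", path=target.split("?", 1)[0])
    else:                                   # absolute-form, sent to a proxy
        u = urlsplit(target)
        parts.update(form="absolute", scheme=u.scheme, host=u.hostname,
                     port=u.port, path=u.path)
    return parts


if __name__ == "__main__":
    for label, req in (("proxy", PROXY_REQ), ("origin", ORIGIN_REQ),
                       ("http/1.0", HTTP10_REQ)):
        p = request_target_parts(req)
        print(label, p["form"], p["scheme"], p["port"], p["host_header"])
```

Only the absolute-form sample carries a scheme in its request line; the origin-form and HTTP/1.0 samples have none, and none of the three names a port explicitly.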