Forum Discussion

markn11_229516's avatar
markn11_229516
Icon for Nimbostratus rankNimbostratus
Jun 08, 2016

Accessing web server by IP

Hi,

 

Somewhat of a silly question here. I currently have a VIP setup for one of my web servers which uses https. I have the SSL certificate on my LTM. Everything is working as expected. One thing I noticed though was if I tried to visit the page via IP address, the F5 will not let me reach the site. Obviously, I'd always want to connect using the fqdn that matches the certificate, but I was expecting to see a certificate warning and being able to click continue on it anyway. I was not able to do that. I'm just trying to figure out why that is, just so I know.

 

application delivery
LTM
security

10 Replies

Sort By
  • gbam_190768's avatar
    gbam_190768
    Icon for Cirrus rankCirrus
    Jun 08, 2016

    Test the connection from the F5 to the web server using a curl. See if you can get a response to the node IP directly. My guess is your problem is on the back end. The web server isn't handling isn't what site to return (IE it's hosting multiple sites).

     

  • Ryan_80361's avatar
    Ryan_80361
    Icon for Cirrostratus rankCirrostratus
    Jun 08, 2016

    You mentioned that you have an SSL certificate on your LTM, I assume you have created and applied a client SSL profile to you https virtual server? Are you performing SSL offloading or SSL bridging?

     

    • markn11_229516's avatar
      markn11_229516
      Icon for Nimbostratus rankNimbostratus
      Jun 08, 2016
      Correct. I have a Client SSL profile on it. The virtual server is configured for HTTPS (443), the members are configured for port 80. I'm performing SSL Offloading. @gbamm - there is only 1 website configured on the web server. I'll have to do some research on using curl, I've never used before.
  • Ryannnnnnnnn's avatar
    Ryannnnnnnnn
    Icon for Altocumulus rankAltocumulus
    Jun 08, 2016

    You mentioned that you have an SSL certificate on your LTM, I assume you have created and applied a client SSL profile to you https virtual server? Are you performing SSL offloading or SSL bridging?

     

    • markn11_229516's avatar
      markn11_229516
      Icon for Nimbostratus rankNimbostratus
      Jun 08, 2016
      Correct. I have a Client SSL profile on it. The virtual server is configured for HTTPS (443), the members are configured for port 80. I'm performing SSL Offloading. @gbamm - there is only 1 website configured on the web server. I'll have to do some research on using curl, I've never used before.
  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Icon for Nacreous rankNacreous
    Jun 08, 2016

    Hi,

    To test your webserver from F5, you can use curl :

    curl --verbose http://x.x.x.x/

    add host header to your request :

    curl --verbose --header 'Host: www.example.com' http://x.x.x.x

    add User-Agent to your request : 

    curl --verbose -A "MySpecialUserAgent" http://x.x.x.x

    You can also test your VS from the F5 system : 

    curl -k --verbose --header 'Host: www.example.com' https://vs_ip_address

    -k flag is used to bypass eventual ssl warnings

    • Yann_Desmarest_'s avatar
      Yann_Desmarest_
      Icon for Nacreous rankNacreous
      Jun 08, 2016
      Are you sure that your webserver listen on ip address or maybe some Virtual Hosting is used
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jun 08, 2016

    Hi,

    To test your webserver from F5, you can use curl :

    curl --verbose http://x.x.x.x/

    add host header to your request :

    curl --verbose --header 'Host: www.example.com' http://x.x.x.x

    add User-Agent to your request : 

    curl --verbose -A "MySpecialUserAgent" http://x.x.x.x

    You can also test your VS from the F5 system : 

    curl -k --verbose --header 'Host: www.example.com' https://vs_ip_address

    -k flag is used to bypass eventual ssl warnings

    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      Jun 08, 2016
      Are you sure that your webserver listen on ip address or maybe some Virtual Hosting is used