problem on https and http on vs

Question

Hi &nbsp;&nbsp;i have a VS with allot of custom things on it SSL offloading on the F5 this i ned to figure our how i'm gonna get this to work on http and https. client side everything is https and server side everything is http. this is the VS&nbsp;&nbsp;&nbsp;    destination 10.211.184.100:20175&nbsp;    ip-protocol tcp&nbsp;    mask 255.255.255.255&nbsp;    partition SOA&nbsp;    pool pool_ttl_dev&nbsp;    profiles {&nbsp;        /Common/tcp { }&nbsp;        /Common/wilcard_mtn {&nbsp;            context clientside&nbsp;        }&nbsp;        SOA_Profile { }&nbsp;        SOA_expression { }&nbsp;    }&nbsp;    rules {&nbsp;        Logging&nbsp;        Irule_ttl_dev_http&nbsp;        Streaming_SOA&nbsp;    }&nbsp;    snat automap&nbsp;    vlans-disabled&nbsp;}&nbsp;&nbsp;&nbsp;&nbsp;this is my http profile.&nbsp;&nbsp;&nbsp;ltm profile http SOA_Profile {&nbsp;    app-service none&nbsp;    basic-auth-realm none&nbsp;    defaults-from /Common/http&nbsp;    encrypt-cookies none&nbsp;    fallback-host none&nbsp;    fallback-status-codes none&nbsp;    header-erase none&nbsp;    header-insert none&nbsp;    insert-xforwarded-for disabled&nbsp;    lws-separator none&nbsp;    lws-width 80&nbsp;    max-header-count 64&nbsp;    max-header-size 32768&nbsp;    max-requests 0&nbsp;    oneconnect-transformations enabled&nbsp;    pipelining enabled&nbsp;    redirect-rewrite all&nbsp;    request-chunking preserve&nbsp;    response-chunking selective&nbsp;    response-headers-permitted none&nbsp;    security disabled&nbsp;    via-request preserve&nbsp;    via-response preserve&nbsp;}&nbsp;&nbsp;&nbsp;&nbsp;and this the rule that i have...&nbsp;&nbsp;&nbsp;    when CLIENT_ACCEPTED {&nbsp;   switch [TCP::local_port] {&nbsp;      80 {&nbsp;         SSL::disable clientside&nbsp;         SSL::disable serverside&nbsp;         pool pool_ttl_dev&nbsp;           }&nbsp;     }&nbsp;}&nbsp;}&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

nitass · Answer

so, what is the problem? 
&nbsp;  
&nbsp; by the way, TCP::local_port won't return 80 since the virtual is listening on port 20175 i.e. it will return 20175 only.

angelo · Answer

the problem is that i need this to work like this. if you put in the URI http://www.ttl.com:20175 and https://www.ttl.com:20175 they both should work but thus far i can only get the https to work...

nitass · Answer

e.g. 
  
 [root@ve10:Active] config  b virtual bar list
virtual bar {
   translate service enable
   snat automap
   pool foo
   destination 172.28.19.79:any
   ip protocol 6
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
   switch [TCP::local_port] {
      80 { SSL::disable clientside }
      443 { }
      default { reject }
   }
}
}

[root@ve10:Active] config  curl -I http://172.28.19.79
HTTP/1.1 200 OK
Date: Fri, 24 Aug 2012 05:22:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8

[root@ve10:Active] config  curl -Ik https://172.28.19.79
HTTP/1.1 200 OK
Date: Fri, 24 Aug 2012 05:22:22 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8

angelo · Answer

I have another problem i have multiple backend application running so i can't open any on the VS. this is for a SOA implementation thus i have the different VS on different port to segregate the application 20175 is for SOA 20177 BAM and so forth.

nitass · Answer

sorry i misread the question. what about this one? 
  
 [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:20175
   ip protocol 6
   profiles {
      myclientssl {
         clientside
      }
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b profile myclientssl list
profile clientssl myclientssl {
   defaults from clientssl
   nonssl enable
}
[root@ve10:Active] config  curl -I http://172.28.19.79:20175
HTTP/1.1 200 OK
Date: Fri, 24 Aug 2012 05:42:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8

[root@ve10:Active] config  curl -Ik https://172.28.19.79:20175
HTTP/1.1 200 OK
Date: Fri, 24 Aug 2012 05:42:24 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8

Forum Discussion

problem on https and http on vs

6 Replies

Recent Discussions

[ASM] - what is "Browser Challange file" ?

Rewrite uri translation not working

no available managed rule groups for Israel il-central-1

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

HTTP To HTTPS Redirect 301

What is HTTP Part X - HTTP/2

HTTP Header responce problem

HTTP Request Throttle

HTTP and HTTPS monitor using node.js