Forum Discussion
NimbostratusAccessing web server by IP
Hi,
Somewhat of a silly question here. I currently have a VIP setup for one of my web servers which uses https. I have the SSL certificate on my LTM. Everything is working as expected. One thing I noticed though was if I tried to visit the page via IP address, the F5 will not let me reach the site. Obviously, I'd always want to connect using the fqdn that matches the certificate, but I was expecting to see a certificate warning and being able to click continue on it anyway. I was not able to do that. I'm just trying to figure out why that is, just so I know.
10 Replies
gbam_190768Cirrus
Test the connection from the F5 to the web server using a curl. See if you can get a response to the node IP directly. My guess is your problem is on the back end. The web server isn't handling isn't what site to return (IE it's hosting multiple sites).
Ryan_80361Cirrostratus
You mentioned that you have an SSL certificate on your LTM, I assume you have created and applied a client SSL profile to you https virtual server? Are you performing SSL offloading or SSL bridging?
markn11_229516Correct. I have a Client SSL profile on it. The virtual server is configured for HTTPS (443), the members are configured for port 80. I'm performing SSL Offloading. @gbamm - there is only 1 website configured on the web server. I'll have to do some research on using curl, I've never used before.
RyannnnnnnnnAltocumulus
You mentioned that you have an SSL certificate on your LTM, I assume you have created and applied a client SSL profile to you https virtual server? Are you performing SSL offloading or SSL bridging?
- markn11_229516Correct. I have a Client SSL profile on it. The virtual server is configured for HTTPS (443), the members are configured for port 80. I'm performing SSL Offloading. @gbamm - there is only 1 website configured on the web server. I'll have to do some research on using curl, I've never used before.
Yann_Desmarest_Nacreous
Hi,
To test your webserver from F5, you can use curl :
curl --verbose http://x.x.x.x/add host header to your request :
curl --verbose --header 'Host: www.example.com' http://x.x.x.xadd User-Agent to your request :
curl --verbose -A "MySpecialUserAgent" http://x.x.x.xYou can also test your VS from the F5 system :
curl -k --verbose --header 'Host: www.example.com' https://vs_ip_address-k flag is used to bypass eventual ssl warnings
- Yann_Desmarest_Are you sure that your webserver listen on ip address or maybe some Virtual Hosting is used
Yann_DesmarestHi,
To test your webserver from F5, you can use curl :
curl --verbose http://x.x.x.x/add host header to your request :
curl --verbose --header 'Host: www.example.com' http://x.x.x.xadd User-Agent to your request :
curl --verbose -A "MySpecialUserAgent" http://x.x.x.xYou can also test your VS from the F5 system :
curl -k --verbose --header 'Host: www.example.com' https://vs_ip_address-k flag is used to bypass eventual ssl warnings
- Yann_DesmarestAre you sure that your webserver listen on ip address or maybe some Virtual Hosting is used
jaikumar_f5Noctilucent
Can you take a tcpdump on this and analyze where the packet is resetting.
