For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Nov 22, 2011

ActiveSync via APM

Does anyone know which HTTP methods are supported in APM? Currently I have a test F5 with APM enabled in a VS that is in front of an exchange server for providing active-sync access.

Ideally we want to use APM to make web access users authenticate with secureid token, and activesync users with 'something else'. (Maybe a cert). But in testing I get HTTP parsing errors 


Nov 22 17:18:39 local/cdc-3-lb4 err apd[5767]: 01490000:3: HTTPParser.cpp func: "parseHttpRequestHeader()" line: 174 Msg: Unknown HTTP method: OPTIONS
Nov 22 17:18:39 local/cdc-3-lb4 err apd[5767]: 01490093:3: 00000000: Request header parsing failed while processing request from remote client

Now... I don't get these errors on HTTP enabled VS's that don't have APM on them... Which suggests to me that APM is using a different parser for HTTP than the HTTP profiles use.

anyone know which HTTP methods are supported on APM? And what's the results if I disable HTTP processing on receipt of the OPTIONS method?

H

config
design

4 Replies

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Nov 22, 2011
    Ahh... Ignore me... Must have run the Wizzard wrong, because the _sys_APM_activesync iRule is missing form the VS (sol13074: Configuring BIG-IP APM as a proxy for Microsoft Exchange ActiveSync)

     

     

    H
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 23, 2011
    Hey Hamish,

     

     

    Were you testing with a limited APM license (ie, not a full license)? If so, I think there might be an issue with the system APM iRules being loaded from the profile_base.conf into the running config.

     

     

    Aaron
  • John_Alam_45640's avatar
    John_Alam_45640
    Historic F5 Account
    Apr 13, 2012
    Note: For v11.1 check out this solution: sol13497

     

    https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13497.html?sr=20682626

     

  • dubdub's avatar
    dubdub
    Icon for Nimbostratus rankNimbostratus
    May 02, 2012
    Hi all,

    I'm running into a similar error as Hamish - 

    May 1 20:43:06 ltm1 err apd[13484]: 01490000:3: AccessPolicyD.cpp func: "process_request()" line: 699 Msg: EXCEPTION AccessPolicyD.cpp line:619 function: process_request - error reading from socket
May 1 20:43:06 ltm1 err apd[13484]: 01490000:3: HTTPParser.cpp func: "parseHttpRequestHeader()" line: 174 Msg: Unknown HTTP method: OPTIONS

    in my 11.1 HF1 config with APM in front of ActiveSync. It seems limited and sporadic and I haven't been able to tie it to a specific test case. I'm not using the _sys_APM_activesync rule itself, but a very slimmed down custom variant of it: 

    when HTTP_REQUEST {
  if { ![HTTP::cookie exists "MRHSession"] } {
     HTTP::header replace "clientless-mode" 1
     if { [HTTP::header Authorization] eq "" }{
        HTTP::respond 401 WWW-Authenticate Basic
     }
  }
}

    I don't see anything in the _sys_APM_activesync rule that specifically addresses the HTTP method, but it's also not the same exact error message that Hamish was seeing. The "error reading from socket" concerns me. I have a max user APM license. Any suggestions?

    Thanks,

    Jen