Forum Discussion
APM HTTP requests logs on backend side
Hello everyone.
I'm working on getting an APM Portal Access (Link Type = Application URI) HTTP requests logs to the backend.
Here's the process:
- External client authenticates via APM.
- User navigates through Webtop.
- User selects a Portal Access link designated as an Application URI.
This workflow functions correctly. However, issues arise when an internal resource link is clicked, which responds with a Location header redirecting to ADFS for authentication, causing a connection reset.
By utilizing tcpdump, I'm able to observe connections to the F5, including instances where those connections are reset.
Bypassing the F5, the process operates smoothly.
I aim to monitor the flow of requests from APM to the backend servers, requiring visibility into the HTTP request logs between APM and the backend. I already have the client's requests and responses, so there's no issue on that front.
Attempts to capture this include:
- Implementing a logging resource within the policy using session.policy.*, which failed to capture any backend HTTP requests.
- Adjusting APM Log settings to debug mode, yet this did not reveal any HTTP request logs.
- No firewall rules dropping conns. F5 to the App URI does not have any limitation. curl is working fine.
Could you share your strategies for troubleshooting when an APM request does not succeed?
Thanks as always.
- Lucas_Thompson
Employee
We strongly suggest to avoid new deployments with Portal Access. It was designed to operate with legacy backend web apps that are impossible to publish on a single DNS endpoint, such as when an app contains weird TCP ports, plaintext HTTP, multiple backend servers, and the like. Modern apps are usually all encrypted, and all published on a single DNS endpoint, and can be served using an APM virtual server in "LTM+APM" mode.
Portal Access uses a proxying/rewriting engine to rewrite javascript and HTML in real-time as it transits the box. While it used to be pretty comprehensive, modern web apps, frameworks, and advanced newly-added HTML and Javascript features limit its usefulness.
Info about Web Access Management: https://my.f5.com/manage/s/article/K08200035#link_06
Info about Portal Access:
https://my.f5.com/manage/s/article/K08200035#link_07
Info about how to troubleshoot Portal Access:
https://my.f5.com/manage/s/article/K14184
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com