Forum Discussion

danielm1's avatar
danielm1
Icon for Cirrus rankCirrus
Feb 13, 2024

APM HTTP requests logs on backend side

Hello everyone.

I'm working on getting an APM Portal Access (Link Type = Application URI) HTTP requests logs to the backend.

Here's the process:

  1. External client authenticates via APM.
  2. User navigates through Webtop.
  3. User selects a Portal Access link designated as an Application URI.

This workflow functions correctly. However, issues arise when an internal resource link is clicked, which responds with a Location header redirecting to ADFS for authentication, causing a connection reset.

By utilizing tcpdump, I'm able to observe connections to the F5, including instances where those connections are reset.

Bypassing the F5, the process operates smoothly.

I aim to monitor the flow of requests from APM to the backend servers, requiring visibility into the HTTP request logs between APM and the backend. I already have the client's requests and responses, so there's no issue on that front.

Attempts to capture this include:

  • Implementing a logging resource within the policy using session.policy.*, which failed to capture any backend HTTP requests.
  • Adjusting APM Log settings to debug mode, yet this did not reveal any HTTP request logs.
  • No firewall rules dropping conns. F5 to the App URI does not have any limitation. curl is working fine.

Could you share your strategies for troubleshooting when an APM request does not succeed?

 

Thanks as always.

1 Reply

  • We strongly suggest to avoid new deployments with Portal Access. It was designed to operate with legacy backend web apps that are impossible to publish on a single DNS endpoint, such as when an app contains weird TCP ports, plaintext HTTP, multiple backend servers, and the like. Modern apps are usually all encrypted, and all published on a single DNS endpoint, and can be served using an APM virtual server in "LTM+APM" mode.

    Portal Access uses a proxying/rewriting engine to rewrite javascript and HTML in real-time as it transits the box. While it used to be pretty comprehensive, modern web apps, frameworks, and advanced newly-added HTML and Javascript features limit its usefulness.

     

    Info about Web Access Management: https://my.f5.com/manage/s/article/K08200035#link_06

     

    Info about Portal Access:

    https://my.f5.com/manage/s/article/K08200035#link_07

     

    Info about how to troubleshoot Portal Access:

    https://my.f5.com/manage/s/article/K14184