Forum Discussion
NimbostratusCan't get my redirect to work !!!
Hi All,
I'm trying to get my redirect to work and I'm have some problems, can some one put me right please.
when HTTP_REQUEST {
if { [HTTP::uri] equals "https://test.geowessex.com" } {
HTTP::redirect "https://test.geowessex.com/geoserver/"}
elseif { [HTTP::uri] equals "https://test2.geowessex.com" } {
HTTP::redirect "https://vmcrgifme1"}
}
27 Replies
paul_dccHi Patrik,
I removed the security policy and it made no difference, So I know it's not the ASM part given me the problem. Looking at the irule I had in place at the start, this also did not work at closer inspection. So I'm back to needing an irule that can do both the redirects, I hope you can help Patrik or any one else out there.
Many Thanks
Paul
Hi Paul!
Yeah, the initial hosts was a bit strange to begin with and we would have had to fix them with some string manipulations later on anyway in order for normal requests to pass as well.
Let's start with reverting to my original suggestion:
when HTTP_REQUEST { set host [string tolower [HTTP::host]] log local0. $host if { $host equals "test.geowessex.com" } { log local0. "Redirected based on $host" HTTP::redirect "https://test.geowessex.com/geoserver/"} elseif { $host equals "test2.geowessex.com" } { log local0. "Redirected based on $host" HTTP::redirect "https://vmcrgifme1" } }This rule would require you to hit the VS with either test.geowessex.com or test2.geowessex.com in order to trigger.
Then let's see if you hit the VS when using both of them. Login to the LTM over SSH and run the following command:
tcpdump -nni any host [virtual server ip] and host [your client ip]
Then browse to both domains and make sure that a full handshake is established and data is being sent in both cases.
Please let me know the outcome.
/Patrik
- paul_dcc
Hi Patrik,
The redirect still not working, tcpdump below;
[root@asm1:Active:Standalone] config tcpdump -nni any host 195.49.180.208 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type EN10MB (Ethernet), capture size 96 bytes 07:51:46.449816 arp who-has 195.49.180.208 tell 195.49.180.193 07:51:46.449832 arp reply 195.49.180.208 is-at 00:01:d7:d9:41:83 07:51:46.449957 IP 172.23.101.211.59931 > 195.49.180.208.443: S 4045951861:4045951861(0) win 8192 07:51:46.449987 IP 195.49.180.208.443 > 172.23.101.211.59931: S 945986584:945986584(0) ack 4045951862 win 4380 07:51:46.450298 IP 172.23.101.211.59931 > 195.49.180.208.443: . ack 1 win 64240 07:51:46.449960 IP 172.23.101.211.59932 > 195.49.180.208.443: S 427388285:427388285(0) win 8192 07:51:46.449993 IP 195.49.180.208.443 > 172.23.101.211.59932: S 713890173:713890173(0) ack 427388286 win 4380 07:51:46.450388 IP 172.23.101.211.59932 > 195.49.180.208.443: . ack 1 win 64240 07:51:46.450920 IP 172.23.101.211.59931 > 195.49.180.208.443: P 1:170(169) ack 1 win 64240 07:51:46.450944 IP 195.49.180.208.443 > 172.23.101.211.59931: P 1:1369(1368) ack 170 win 4380 07:51:46.451341 IP 172.23.101.211.59931 > 195.49.180.208.443: . ack 1369 win 62872 07:51:46.450901 IP 172.23.101.211.59932 > 195.49.180.208.443: P 1:170(169) ack 1 win 64240 07:51:46.450935 IP 195.49.180.208.443 > 172.23.101.211.59932: P 1:1369(1368) ack 170 win 4380 07:51:46.451333 IP 172.23.101.211.59932 > 195.49.180.208.443: . ack 1369 win 62872 07:51:46.452249 IP 172.23.101.211.59932 > 195.49.180.208.443: P 170:484(314) ack 1369 win 62872 07:51:46.452262 IP 195.49.180.208.443 > 172.23.101.211.59932: . ack 484 win 4863 07:51:46.452592 IP 172.23.101.211.59931 > 195.49.180.208.443: P 170:484(314) ack 1369 win 62872 07:51:46.452602 IP 195.49.180.208.443 > 172.23.101.211.59931: . ack 484 win 4863 07:51:46.455267 IP 195.49.180.208.443 > 172.23.101.211.59932: P 1369:1416(47) ack 484 win 4863 07:51:46.455574 IP 195.49.180.208.443 > 172.23.101.211.59931: P 1369:1416(47) ack 484 win 4863
- Please post the ltm log as well. /Patrik
- And also you forgot one of the IPs in the tcpdump: Example: tcpdump -nni any host 195.49.180.208 and host 10.10.10.1 /Patrik
- paul_dcc
Hi Patrik,
Here you go;
[root@asm1:Active:Standalone] config tcpdump -nni any host 195.49.180.253 and host 172.23.101.78 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type EN10MB (Ethernet), capture size 96 bytes 08:24:45.077001 IP 195.49.180.253.43746 > 172.23.101.78.8080: S 3716338419:3716338419(0) win 14600 08:24:45.077996 IP 172.23.101.78.8080 > 195.49.180.253.43746: S 3980470878:3980470878(0) ack 3716338420 win 8192 08:24:45.078520 IP 195.49.180.253.43746 > 172.23.101.78.8080: . ack 1 win 115 08:24:45.078805 IP 195.49.180.253.43746 > 172.23.101.78.8080: P 1:134(133) ack 1 win 115 08:24:45.080169 IP 172.23.101.78.8080 > 195.49.180.253.43746: P 1:87(86) ack 134 win 514 08:24:45.080234 IP 172.23.101.78.8080 > 195.49.180.253.43746: P 87:93(6) ack 134 win 514 08:24:45.080236 IP 172.23.101.78.8080 > 195.49.180.253.43746: P 93:130(37) ack 134 win 514 08:24:45.080509 IP 195.49.180.253.43746 > 172.23.101.78.8080: . ack 87 win 115 08:24:45.080512 IP 195.49.180.253.43746 > 172.23.101.78.8080: . ack 93 win 115 08:24:45.080514 IP 195.49.180.253.43746 > 172.23.101.78.8080: . ack 130 win 115 08:24:45.080792 IP 195.49.180.253.43746 > 172.23.101.78.8080: P 134:177(43) ack 130 win 115 08:24:45.080917 IP 195.49.180.253.43746 > 172.23.101.78.8080: P 177:205(28) ack 130 win 115 08:24:45.081303 IP 172.23.101.78.8080 > 195.49.180.253.43746: . ack 205 win 514 08:24:45.082497 IP 172.23.101.78.8080 > 195.49.180.253.43746: P 130:348(218) ack 205 win 514 08:24:45.082503 IP 172.23.101.78.8080 > 195.49.180.253.43746: F 348:348(0) ack 205 win 514 08:24:45.083625 IP 195.49.180.253.43746 > 172.23.101.78.8080: P 205:228(23) ack 349 win 123 08:24:45.083693 IP 195.49.180.253.43746 > 172.23.101.78.8080: F 228:228(0) ack 349 win 123 08:24:45.084047 IP 172.23.101.78.8080 > 195.49.180.253.43746: R 349:349(0) ack 228 win 0 08:24:45.084182 IP 172.23.101.78.8080 > 195.49.180.253.43746: R 3980471227:3980471227(0) win 0 08:24:50.078828 IP 195.49.180.253.43764 > 172.23.101.78.8080: S 209766624:209766624(0) win 14600 08:24:50.081892 IP 172.23.101.78.8080 > 195.49.180.253.43764: S 3264714030:3264714030(0) ack 209766625 win 8192
The problem is that there is traffic all the time (health monitor), please correct me if i'm wrong but you wont see any think from the VS (VIP address) as it will be making a new connection (reverse proxy) from the ASM IP address ? (VS is 195.49.180.208 and the ASM address is 195.49.180.253) is this not how it works ?
- All I wanted to see here was that your client reaches the VIP when using both dns's, and the ltm log shows that. /Patrik
- paul_dcc
Wed Jun 25 08:34:19 BST 2014 info asm1 tmm1[11765] Rule /Common/New-Geowessex-Redirect : test.geowessex.com Wed Jun 25 08:34:19 BST 2014 info asm1 tmm1[11765] Rule /Common/New-Geowessex-Redirect : test.geowessex.com Wed Jun 25 08:34:19 BST 2014 info asm1 tmm1[11765] Rule /Common/New-Geowessex-Redirect : test.geowessex.com Wed Jun 25 08:34:19 BST 2014 info asm1 tmm1[11765] Rule /Common/New-Geowessex-Redirect : test.geowessex.com Wed Jun 25 08:34:25 BST 2014 info asm1 tmm[11765] Rule /Common/New-Geowessex-Redirect : test2.geowessex.com
Hi!
Did you include the three log functions below?
when HTTP_REQUEST { set host [string tolower [HTTP::host]] log local0. $host if { $host equals "test.geowessex.com" } { log local0. "Redirected based on $host" HTTP::redirect "https://test.geowessex.com/geoserver/"} elseif { $host equals "test2.geowessex.com" } { log local0. "Redirected based on $host" HTTP::redirect "https://vmcrgifme1" } }/Patrik
- paul_dcc
OK Patrik,
I will get that info and post asap
- paul_dcc
TCPDUMP (handshake fine)
tcpdump -nni any host 195.49.180.208 and host 172.23.101.211
[root@asm1:Active:Standalone] config tcpdump -nni any host 195.49.180.208 and host 172.23.101.211 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type EN10MB (Ethernet), capture size 96 bytes 09:52:44.897765 IP 172.23.101.211.61578 > 195.49.180.208.443: S 1273076969:1273076969(0) win 8192 09:52:44.897794 IP 195.49.180.208.443 > 172.23.101.211.61578: S 157152641:157152641(0) ack 1273076970 win 4380 09:52:44.898242 IP 172.23.101.211.61578 > 195.49.180.208.443: . ack 1 win 64240
Internal log
Wed Jun 25 09:52:45 BST 2014 info asm1 tmm1[11765] Rule /Common/New-Geowessex-Redirect : test.geowessex.com Wed Jun 25 09:52:45 BST 2014 info asm1 tmm1[11765] Rule /Common/New-Geowessex-Redirect : Redirected based on test.geowessex.com
Ok, let's see.
root@asm1:Active:Standalone] config tcpdump -nni any host 195.49.180.208 and host 172.23.101.211 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type EN10MB (Ethernet), capture size 96 bytes 09:52:44.897765 IP 172.23.101.211.61578 > 195.49.180.208.443: S 1273076969:1273076969(0) win 8192 09:52:44.897794 IP 195.49.180.208.443 > 172.23.101.211.61578: S 157152641:157152641(0) ack 1273076970 win 4380 09:52:44.898242 IP 172.23.101.211.61578 > 195.49.180.208.443: . ack 1 win 64240Here you got the handshake (I guess you ommitted the data?), that's good.
Wed Jun 25 09:52:45 BST 2014 info asm1 tmm1[11765] Rule /Common/New-Geowessex-Redirect : test.geowessex.com Wed Jun 25 09:52:45 BST 2014 info asm1 tmm1[11765] Rule /Common/New-Geowessex-Redirect : Redirected based on test.geowessex.comAnd here you can see that the redirect fired as expected. Were you redirected? What did the browser say?
/Patrik
- paul_dcc
Hi Patrik,
Your irule does work, it's our app's guy who gave me the wrong info. So my problem is fixed. Thanks for all your help.
Paul
