For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Scot_85536's avatar
Scot_85536
Icon for Nimbostratus rankNimbostratus
Jul 31, 2009

Can't read cookie on F5 terminated SSL?

Hey everyone,   I've got a VIP that I can connect to via HTTP and HTTPS, with the BigIP terminating the SSL with a client SSL profile. Nothing set for the server SSL profile as I don't need to ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 05, 2009
Can you try changing this line:

 

 

node [HTTP::cookie F5NODEPERSIST]

 

 

to:

 

 

node [HTTP::cookie F5NODEPERSIST] 80

 

 

and retest? If that doesn't work, it would really help to see the full iRule and the full log logs from a failure. I understand that there may be nothing more than log statements, but that's exactly what I want to see in order to understand what request(s) are being made and what commands are being run. It would help if you could prefix the log statements as log local0. "[IP::client_addr]:[TCP::client_port]: ". If you're using the same iRule on HTTP and HTTPS virtual servers, can you also add a log statement to the very beginning containing the local IP:port:

 

 

log local0. "[IP::cient_addr]:[TCP::client_port]: New request to [IP::local_addr]:[TCP::local_port] for [HTTP::uri]"

 

 

You can change the first two octets of the client and virtual server IP addresses to anonymize the logs.

 

 

Aaron