Tom_Lauwereins_
Jan 23, 2018

Custom post AAA HTTP to vip on the same APM

Hi,

I want to do HTTP authentication with a custom post with IPv4 but can't get it to work. I used a VIP on the APM itself with a serverssl. The pool member is the AAA authentication server.

ltm virtual vs_smsapi_test {
    destination 172.29.100.12:http
    ip-protocol tcp
    mask 255.255.255.255
    pool pool_smsapi_test
    profiles {
        http { }
        serverssl {
            context serverside
        }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 80
}

ltm pool pool_smsapi_test {
    members {
        212.113.89.36:https {
            address 212.113.89.36
            session monitor-enabled
            state up
        }
    }
    monitor https
}

apm aaa http /andrei/otp_smsapi {
    auth-type custom-post
    content-type url-encoded-utf8
    custom-body "{\"recipient_phone_number\":\"%{session.logon.last.username}\",\"message\":\"%{session.logon.last.password}\",\"priority\":\"high\"}"
    form-action /api/sms/
    headers {
        header0 {
            name Content-Type
            value application/json
        }
        header1 {
            name Authorization
            value "Basic xxxxxxx"
        }
    }
    partition andrei
    start-uri http://172.29.100.12
    success-match-type string
    success-match-value id
}
net self Vlan400 {
    address 172.29.100.3/16
    traffic-group traffic-group-local-only
    vlan vlan400
}

When testing the connection from another PC to the APM-enabled VIP for SSLVPN, I don't see any traffic via a tcpdump leaving from the vlan400 interface to 172.29.100.12 when doing the HTTP AAA authentication, and I get this in the APM logs:

Jan 23 17:21:24 BIGIP-C debug apd[16514]: 01490000:7: modules/Authentication/Http/HttpModule.cpp func: "doHttpHeaderBasedAuth()" line: 115 Msg: a933e480: HTTP module: doHttpHeaderBasedAuth(): URL: http://172.29.100.12/api/sms
Jan 23 17:21:24 BIGIP-C err apd[16514]: 01490138:3: a933e480: HTTP module: authentication with 'test' failed: Curl perform failed: Failure when receiving data from the peer  (56)
Jan 23 17:21:24 BIGIP-C debug apd[16514]: 01490111:7: a933e480: HTTP module: authenticateUser(): Curl perform failed: Failure when receiving data from the peer (56)

But the strange part is that I don't see any traffic leaving towards 172.29.100.12? Any ideas?
