
Forum Discussion

invisible
Oct 21, 2019

Debugging Rewrite Profile invocation

Hello everyone,

A simple question - if there is a require profile attached to a virtual server, how can I debug if that require profile is working or not?

I mean a log file where the incoming request/content is written, along with what the rewrite profile has done by replacing client/server fields.

We had a require profile defined since v12 and >5 years ago and it has been working fine. Discovered last week that now it does not work any more - we have not used it for a while.

I've upgraded first to the latest 14.x and then to 15.0.1 - result is the same - profile does not work.

I need to have a starting point for where to troubleshoot/debug, so I need somehow to enable invocation of the profile(s).

Thanks.

3 Replies

  • Can you provide the profile please? Paste the contents from the following command:

    tmsh list ltm profile profileName

  • Here it is

    ltm profile rewrite Host_8443_vhhal202 {
        app-service none
        bypass-list none
        client-caching-type cache-css-js
        defaults-from rewrite
        java-ca-file ca-bundle.crt
        java-crl none
        java-sign-key default.key
        java-sign-key-passphrase-encrypted $M$bJ$J/fdeYNOi9eMb47YC5HEBw==
        java-signer default.crt
        location-specific false
        request {
            insert-xforwarded-for disabled
            insert-xforwarded-host disabled
            insert-xforwarded-proto disabled
            rewrite-headers enabled
        }
        response {
            rewrite-content enabled
            rewrite-headers enabled
        }
        rewrite-list none
        rewrite-mode uri-translation
        split-tunneling false
        uri-rules {
            uri_1570432736093 {
                client {
                    host host.external.server
                    path /uaa-server/
                    port 8443
                    scheme https
                }
                server {
                    host uaa-server.vhhal202.internal.server
                    path /
                    port 30033
                    scheme https
                }
            }
            uri_1570512770912 {
                client {
                    host host.external.server
                    path /
                    port 8443
                    scheme https
                }
                server {
                    host coil-dev-ui.vhhal202.internal.server
                    path /
                    port 30033
                    scheme https
                }
            }
        }
    }

    external.server and internal.server correspond to external facing and internal FQDNs.

  • Hello, does anyone have a thought about this?

    I tried both methods - define full and relative path for client and server in two separate rewrite profiles:

    • https://host.external/server:8443/ (client/external) and https://uaa-server.vhhal202.internal.server:30033/ (server/internal)

    • / (client/external) https://uaa-server.vhhal202.internal.server:30033/ (server/internal)

    The result is the same - when I go to https://host.external/server:8443/ in my browser, I am getting https://uaa-server.vhhal202.internal.server:30033/ with 404 back, so F5 does not rewrite request and content regardless of which profile I use.

    Any thoughts on what could be happening here?