Forum Discussion
Download file from AWS S3 bucket / http profile
- Jun 14, 2023
Hello,
Resolved, add only : HTTP::header replace Host "hostname"
FYI : url is : hostname.bucket.xxxxxxaws......
Hi cpt_ri_F5 ,
Could you please disable any AWAF/ASM Policies if exists , Remove attached iRule and convert Virtual server type to performance layer 4 , If the issue is resolved so , Keep disabling ASM policy and attach http profile again , and test one more time.
If it works with http profile , so you have issue with AWAF policy and need to check yout policy and AWAF system Variables.
If the Download didn't work so you the issue is with http profile , and you need really to disable it , in this Case I recommend to add this :
when HTTP_REQUEST {
if { [class match [string tolower [HTTP::uri]] contains uri-data] } {
HTTP::disable
log local0. "Condition True in Request"
return
}
}
when HTTP_RESPONSE {
HTTP::disable
log local0. "Response Action achieved"
}
> I addedd [Log local ] as a guide to make sure that your requests match with Conditions of if statement , and to make sure that http profile really disabled.
> I added Return to break the irule , and prefer to attach the Pool "MYPOOL" under virtual server resources.
The Last thing if this available with you, Take a Packet capture for both sides ( Client and server side ) with identifing the Download file request to see why it gives you an empty/corrupted file.
Follow the above steps , I hope this helps you
- whispererJun 14, 2023MVP
Just like Mohamed_Ahmed_Kansoh said, you really need to look closer in what variables you can eliminate, and the actual data from TCP dump. Open in wireshark, and check to see that the HTTP request leaves the F5 (sounds like it does since you get an AWS error messsage). Look at the host header, make sure it is correct. Also, look at the URI and make sure it is correct on the server side of the connection. Also, make sure you are using the same protocol -- HTTP and HTTP or HTTPS and HTTPS, if you are doing a conversion it may not work if AWS is not listening on 80 or 443.
Just a few more nuggets to dig and check 😉 Definitely an interesting issue!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com