Forum Discussion

dave_jensen_201's avatar
dave_jensen_201
Icon for Nimbostratus rankNimbostratus
Mar 17, 2010

F5 Persistence SSL (Pass-through) Safari Browser Issue

I hope everyone is doing well. We have an odd issue with traffic through our F5. Let me start by saying that SSL and session for our website works just fine through IE8/IE7, Firefox/Mozilla, Chrome,...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 23, 2010
If you're not decrypting the SSL, you wouldn't want to add an HTTP profile to the VIP and therefore shouldn't be able to add an iRule to the VIP which references HTTP events. I'd expect your first example to work. Just add it to the VIP on the resources tab and then check /var/log/ltm for the rule output. 

 
 when CLIENT_ACCEPTED { 
    log local0. "[IP::client_addr]:[TCP::client_port]: SSL sessionid is: [SSL::sessionid]" 
 }

If you have a Safari browser you can reproduce the issue with, I'd restrict the iRule to log only your client IP address: 

 
 when CLIENT_ACCEPTED { 
    if {[IP::addr [IP::client_addr] equals 1.1.1.1]}{ 
       log local0. "[IP::client_addr]:[TCP::client_port]: SSL sessionid is: [SSL::sessionid]" 
    } 
 }

Aaron