Forum Discussion
help troubleshooting or reconfiguring an irule
Currently the CAS server is doing the redirect, terminating the SSL, and providing the OWA logon page… The F5 was set up for ‘Performance L4’ and load balancing.
I was attempting to integrate our enterprise vault solution today. The plan was to use the existing exchange virtual server and iRules to direct traffic to the enterprise vault pool.
I changed the VS type to standard and created the following irules… I see the 1st 80 redirect rule working, but I don’t see any traffic hitting the pool and I think I need a little assistance… Attached is a generic diagram of the EV/Exchange set up.
HTTP Virtual:
```
when HTTP_REQUEST {
    if { [HTTP::uri] contains "enterprisevault" }{
        HTTP::redirect "https://webmail.company.com/enterprisevault/"
    } elseif { [HTTP::uri] equals "/" }{
        HTTP::redirect "https://webmail.company.com/owa"
    }
}
```
HTTPS Virtual:
```
when HTTP_REQUEST {
    if { [string tolower [http_uri]] equals "/enterprisevault" } {
        pool enterprise-vault
        log local0. "match for ev"
    } else {
        pool exchange2007-owa
    }
}
```
- nitass
Employee
```
if { [string tolower [http_uri]] equals "/enterprisevault" } {
```
is it "/enterprisevault" or "/enterprisevault/"?
- gh0std0g_79292
Nimbostratus
Sorry, another piece of information to further complicate things... I do not have the SSL client profile configured with a valid cert. The CAS servers have the cert on them and will continue to redirect 80 traffic and terminate SSL. Will I have to install the cert/key pair on F5 as well? And if so, I assume I can use the default server profile 'server-sslinsecure-compatible'? And that will not interfere with my enterprise vault pool listening on port 80.
- Richard__Harlan
Historic F5 Account
Yes, the LTM will reset the traffic as you have an HTTP profile on the VIP and the traffic is non-RFC HTTP. Without the Client-ssl profile the LTM will not be able to read any of the traffic.
- nitass
Employee
Will I have to install the cert/key pair on F5 as well?
Yes, you should import certificate and key from server to bigip and set it in clientssl profile. You are able to use default clientssl profile but user will get certificate warning page when accessing https virtual server.
```
[root@ve10:Active] config b virtual bar80 list
virtual bar80 {
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule80
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config b rule myrule80 list
rule myrule80 {
   when HTTP_REQUEST {
      if { [string tolower [HTTP::uri]] contains "enterprisevault" }{
         HTTP::redirect "https://[HTTP::host]/enterprisevault"
      } elseif { [HTTP::uri] equals "/" }{
         HTTP::redirect "https://[HTTP::host]/owa"
      }
   }
}
[root@ve10:Active] config b virtual bar443 list
virtual bar443 {
   snat automap
   destination 172.28.19.79:443
   ip protocol 6
   rules myrule443
   profiles {
      clientssl {
         clientside
      }
      http {}
      serverssl {
         serverside
      }
      tcp {}
   }
}
[root@ve10:Active] config b rule myrule443 list
rule myrule443 {
   when HTTP_REQUEST {
      if { [string tolower [HTTP::uri]] equals "/enterprisevault" } {
         SSL::disable serverside
         pool foo80
      } else {
         pool foo443
      }
   }
}
[root@ve10:Active] config b pool foo80 list
pool foo80 {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config b pool foo443 list
pool foo443 {
   members 200.200.200.101:443 {}
}
```
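Added example, not code from the thread or from F5: a variant of the HTTPS iRule that covers the `/enterprisevault` versus `/enterprisevault/` question by matching the path with or without the trailing slash, plus anything beneath it. It assumes the original poster's pool names, an Enterprise Vault pool listening on plain HTTP port 80, and clientssl and serverssl profiles attached to the HTTPS virtual server.

```tcl
# Added example (not from the thread). Assumptions: pool names are the
# original poster's; a clientssl profile holding the site cert/key and a
# serverssl profile are attached to the HTTPS virtual server.
when HTTP_REQUEST {
    # Compare the path only, lowercased, so the query string and the
    # casing of the URL cannot change which pool is selected.
    set path [string tolower [HTTP::path]]

    switch -glob -- $path {
        "/enterprisevault" -
        "/enterprisevault/*" {
            # Enterprise Vault members listen on port 80: do not
            # re-encrypt on the server side for this request.
            SSL::disable serverside
            pool enterprise-vault
            log local0. "match for ev: $path"
        }
        default {
            # Everything else is re-encrypted to the CAS servers.
            SSL::enable serverside
            pool exchange2007-owa
        }
    }
}
```

Two patterns are used instead of a single `/enterprisevault*` glob so that an unrelated path such as `/enterprisevaultx` still goes to the default pool.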
- Joe_Clark_45172
Nimbostratus
Has anyone gotten this to work? We are running Enterprise Vault with OWA, and I can't get enterprise vault accessible from the outside.
- Joe_Clark_45172
Nimbostratus
I have been messing around with the iRules and now instead of a page cannot be displayed error, I am getting a 404 error.
- bernhard_schmi1
Nimbostratus
Any update? Because we have the same issue and neither F5 nor Veritas could give us the right solution.
We have Exchange DAG 2013 multirole and Enterprise Vault. From external (OWA) we cannot use Enterprise Vault.
Thanks