HTTP_REQUEST not triggered in HTTPS virtual server?

Question

Hello, 
&nbsp;  
&nbsp; I have setup a simple HTTPS offloading virtual server. We use 
&nbsp; clientside certificates. We also use an iRule, because we use 
&nbsp; specific parts from the client certificate to perform special 
&nbsp; tasks (not relevant to this question). 
&nbsp;  
&nbsp; Using a webbrowser the iRule works. However, it's an application 
&nbsp; that must use this VS/iRule. The application does not work properly. 
&nbsp;  
&nbsp; The problem is that I can see a correct SSL handshake and client 
&nbsp; certificate being passed to the LTM. 
&nbsp; I can also see the application sending an encrypted HTTP request 
&nbsp; packet (with wireshark I see TLSv1 application data (application 
&nbsp; data protocol: HTTP).  
&nbsp; This packet is being ACKed by the LTM at the TCP level 
&nbsp; (only a TCP ACK, no data is being transferred from the LTM to the 
&nbsp; client application). However, the HTTP_REQUEST event is not 
&nbsp; triggered in the iRule and the (SSL/TCP) communication seems to 
&nbsp; get stuck. 
&nbsp;  
&nbsp; This is the iRule: 
&nbsp;  
&nbsp; --------------------------------------------------------------- 
&nbsp;  when CLIENTSSL_CLIENTCERT { 
&nbsp;    set cert [SSL::cert 0] 
&nbsp;    session add ssl [SSL::sessionid] $cert 36000 
&nbsp;  
&nbsp;    HTTP::release 
&nbsp;  } 
&nbsp;  
&nbsp;  when HTTP_REQUEST { 
&nbsp;    set client_cert [session lookup ssl [SSL::sessionid]] 
&nbsp;  
&nbsp;     DEBUG 
&nbsp;    set cert_data [X509::whole $client_cert] 
&nbsp;    log "X509 client cert: $cert_data" 
&nbsp;     DEBUG ENDS 
&nbsp;  
&nbsp;     other code not relevant to this question 
&nbsp;  } 
&nbsp; --------------------------------------------------------------- 
&nbsp;  
&nbsp; My questions are: 
&nbsp;  
&nbsp;  1) what can be the reason the HTTP_REQUEST is not triggered? 
&nbsp;     The only thing I can think of is that the HTTP request is 
&nbsp;     not complete or the application is not sending a valid 
&nbsp;     HTTP request. 
&nbsp;  
&nbsp;  2) Because of 1) I would really like to be able to look into 
&nbsp;     the unencrypted data being send from the client to the LTM. 
&nbsp;     Is there any way I can use debugging in the iRule to have 
&nbsp;     access to the unencrypted raw data send from the client 
&nbsp;     application to the LTM? (ssldump is not an option).  
&nbsp;     HTTP::collect will not work as HTTP_REQUEST is not triggered. 
&nbsp;     TCP::collect probably won't work because I probably get the 
&nbsp;     encrypted data (which I can also see using tcpdump on the 
&nbsp;     interface). 
&nbsp;  
&nbsp; Any help/hints are very much appreciated. 
&nbsp;  
&nbsp; -Frank

frank_30530 · Answer

Fixed. The request was not a valid HTTP request.

colin_walker_12 · Answer

That would do it! Thanks for the update! 
&nbsp;  
&nbsp; Colin

Forum Discussion

HTTP_REQUEST not triggered in HTTPS virtual server?

Recent Discussions

Can F5 be in Bridge Mode or a L2 DDOS to protect from L3-L4 DDOS attack

Statistics ›› Analytics : HTTP : Overview

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

Related Content

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

iControl REST Cookbook - Virtual Server (ltm virtual)

F5 Distributed Cloud: Virtual Sites - Regional Edge (RE)

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

BIG-IP VE in Red Hat OpenShift Virtualization

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS