HTTPS does not hit iRule

Question

Hi,
I'm to implement an iRule for HTTPS. The iRule is:
when HTTP_REQUEST { 
     HTTPS ------------------------------------------------------------------------
    log local0. ".TESTE HTTPS: [IP::client_addr] -&gt; [IP::local_addr] HOST:[HTTP::host] PATH:[HTTP::path] [HTTP::uri] [TCP::local_port]"  
    if { [string tolower [HTTP::host]] contains "xpto.com"  } {  
        log local0. ".TESTE HTTPS.IF: [IP::client_addr] -&gt; [IP::local_addr] [HTTP::host] [HTTP::uri] [TCP::local_port]"  
        switch -glob [string tolower [HTTP::uri]] {   
            "/index1.php"  {    
        persist source_addr 255.255.255.255 1800   
                log local0. ".TESTE index1: [IP::client_addr] -&gt; [IP::local_addr] [HTTP::host] [HTTP::uri] [TCP::local_port]"   
                node "10.1.144.100:[TCP::local_port]"   
            }   
            "/index3.php"  {    
        persist source_addr 255.255.255.255 1800   
                log local0. ".TESTE index2: [IP::client_addr] -&gt; [IP::local_addr] [HTTP::host] [HTTP::uri] [TCP::local_port]"   
                node "10.1.144.101:[TCP::local_port]"   
            }   
            "/index3.php"  {    
        persist source_addr 255.255.255.255 1800   
                log local0. ".TESTE /index3: [IP::client_addr] -&gt; [IP::local_addr] [HTTP::host] [HTTP::uri] [`TCP::local_port]"   
                node "10.1.144.102:[TCP::local_port]"   
                log local0. ".TESTE index3: [IP::client_addr] -&gt; [IP::local_addr] [HTTP::host] [HTTP::uri] [TCP::local_port]"   
            }   
            default  {  HTTPS but not BKO      
                log local0. ".TESTE DEFAULT: [IP::client_addr] -&gt; [IP::local_addr]"   
            }   
        }    
    }   
}

I have a similar iRule for a virtual-server HTTP and it works fine, this one, for https, does not work, and I do not see any log.  
Later to check if the iRule is called I have added to the iRule:

when CLIENT_ACCEPTED {    
    log local0. ".TESTE CLIENT_ACCEPTED: [IP::client_addr] -&gt; [IP::local_addr] [TCP::local_port]"    
     Check the VS port to determine if connection is SSL or not    
    switch [TCP::local_port] {    
       "443" {    
    log local0. ".TESTE CLIENT_ACCEPTED:443: [IP::client_addr] -&gt; [IP::local_addr] [TCP::local_port]"    
          set proto "https"    
       }    
       default {    
    log local0. ".TESTE CLIENT_ACCEPTED:not443: [IP::client_addr] -&gt; [IP::local_addr] [TCP::local_port]"    
          set proto "http"   
       }    
    }    
 }

I have logs for "CLIENT_ACCEPTED" and "443", so the iRule is called! 
The https use TLSv3.
So the question is: what's wrong?
Thanks,
LFR.

niels_van_sluis · Answer

Do you have a client-ssl profile attached to the virtual server? You need to terminate the SSL connection if you want to see the HTTP traffic.&nbsp;

Forum Discussion

HTTPS does not hit iRule

Recent Discussions

Http / https health monitor issue

F5-SDK Get GTM Pool Server, Virtual Server, Unused Objects, and JSON Conversion for Data Processing

F5 DNS Generic Host

How do I create a traffic log for two different route domains?

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

monitor does not work https

iRule to take cookie from HTTP Response into HTTP Request via table

iRules Style Guide

How does F5 PEM send API HTTP Requests to an orchestration system?

Why it does not show http instead of http/2 when ..

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS