Forum Discussion

Ian_Upton_39258's avatar
Ian_Upton_39258
Icon for Nimbostratus rankNimbostratus
May 28, 2008

HTTPS re-direction debug

Gentlefolk,

 

 

I wish to perform a redirect from a HTTP virtual server which terminates the SSL to a HTTPS server with a client and server ssl profile (encrypted all the way to the server). I have used code along the following lines:

 

 

when HTTP_REQUEST {

 

if { [HTTP::uri] end with "ME" } {

 

HTTP::redirect "https://10.200.132.121[HTTP::uri]"

 

}

 

}

 

Logging shows that the URI is picked.

 

 

The client browser displays "page not found", a sniffer trace does not show any communication from the client to the redirected address 10.200.132.121.

 

 

If I make the redirect virtual server (10.200.132.121) terminate the client SSL I see the redirect on the sniffer trace and the browser is redirected to the new page. It all works!!!!!!

 

 

How can I debug what is received/processed/whatever on the client PC and browser?????

 

 

Any help appreciated, Ian. src=/DesktopModules/NTForums/themes/DC4/emoticons/angry.gif width=20 height=20>

 

 

 

application delivery
dev
devops
iRules
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    May 28, 2008
    Do you have two VIPs created? One on http and one on https for 10.200.142.121? And you're saying that the redirect works if the HTTPS virtual server is decrypting the traffic? But it fails when there isn't a client and server SSL profile assigned to the VIP? If the above is accurate, I would guess there is some kind of issue with the HTTPS virtual server. When you remove the client and server SSL profiles, are you also removing the HTTP profile? If not, this would cause a connection failure. Can you post the https VIP configuration from the bigip.conf (or run 'b virtual VIP_NAME list') when it's not working?

    You can use LiveHttpHeaders for Firefox of Fiddler for IE to see what the client is sending/receiving. To add logging to the iRule, you can use the log statements. Output for local0.* is written to /var/log/ltm by default. You can view this in the GUI under System >> Logs >> Local Traffic or by running 'tail -f /var/log/ltm'. 

     
 when HTTP_REQUEST { 
    log local0. "[IP::client_addr]:[TCP::client_port]: Request to [IP::local_addr]:[TCP::local_port] for [HTTP::uri]" 
    if { [HTTP::uri] end with "ME" } { 
       log local0. "[IP::client_addr]:[TCP::client_port]: matched ME, redirecting to https://10.200.132.121[HTTP::uri]" 
       HTTP::redirect "https://10.200.132.121[HTTP::uri]" 
    } 
 }

    Aaron
  • Ian_Upton_39258's avatar
    Ian_Upton_39258
    Icon for Nimbostratus rankNimbostratus
    May 28, 2008
    Gentlefolk,

     

     

    Managed to get an SSL debug tool.

     

    Woops an addrssing stupdity way back in the iRule.

     

     

    All works.

     

     

    Ian