Forum Discussion
Scott_82463
Nimbostratus
May 26, 2011
HTTPS Request?
I'm trying to configure an iRule on a dev F5 device that uses HTTP_REQUEST, but the virtual machine where the F5 is installed doesn't accept HTTP traffic, only HTTPS requests. Are there iRules that deal with HTTPS requests? If not, is there an easy way to change the configuration to allow HTTP requests? Thanks!
22 Replies
- hoolio
Cirrostratus
Hi Scott,
Sorry, I missed your last reply. You can connect to the LTM VE command line using Putty. You can get the virtual server name from the command line using:
    grep -C 2 1.1.1.1 /config/bigip.conf
Example:
    grep -C 2 10.1.0.16 /config/bigip.conf
    virtual www_example_com_vs {
       snat automap
       destination 10.1.0.16:443
       ip protocol 6
       profiles {
    --
    }
    virtual www_example_com_vs_redirect {
       destination 10.1.0.16:80
       ip protocol 6
       rules http_header_rule
You can also download the bigip.conf file from the LTM to your desktop using WinSCP. Use the same credentials as you do for logging in via the command line.
Aaron
- Scott_82463
Nimbostratus
Aaron,
I just tried that grep command but it didn't return anything. I only tried it using the machine's IP address, so should I try a different IP? I then tried to grep the bigip.conf file for the word "virtual" and it returned many results. I tried the "b" command on a few of them and it returned information.
Do you think the reason everything's not working is because the machine's IP address isn't assigned to any virtual server? Is there a way to fix that?
Thanks!
- nitass
Employee
i think u run curl against wrong address. it should be virtual address rather than management address.
would u mind posting "b list" output here?
- Scott_82463
Nimbostratus
I just tried running "b curl" but it printed out pages of output because of all of the pools, monitors, vservers, and data groups configured on the device. Was there any particular part of the output that you wanted to see? The server I'm using is an exact image of the F5s that my organization uses in production, so are there any particular global rules that need to be reconfigured to match the fact that this is all running on an image and not the original server?
Thanks!
- nitass
Employee
i just think if u can show us the virtual server, pool and irule config. it might be easier to help.
would it be possible to post those config here i.e. copy-and-paste?
- Scott_82463
Nimbostratus
The pool config is over 17,000 lines and the virtual config is about 1000 lines, and most of them are confidential to the company so I couldn't really post them. That's why I was wondering if there are any standard pools to check, since 17,000 lines is a lot to go through. I did go through the virtual server config though, and the only vserver that looked like it wasn't specific to anything internal was one called "vs_forwarding" that had the following statistics:
Name: vs_forwarding
Partition: Common
Destination:
Type: Network
Address: 0.0.0.0
Mask: 0.0.0.0
Service Port: 0
Availability: Blue Square
State: Enabled
Configuration: Basic
Type: Forwarding (IP)
Protocol: All protocols
VLAN and Tunnel Traffic: All VLANs and Tunnels
The iRule I'm trying to use is posted above, but here's some other iRules that are configured on the server that aren't company specific from what I can tell:
_sys_auth_krbdelegate
_sys_auth_ssl_cc_ldap
_sys_https_redirect
These looked like they came with the system since they don't allow you to select them in the iRule list, but I could be wrong.
Does any of this help to diagnose the problem? Thanks for the help!
- nitass
Employee
i'm a bit confused.
is vs_forwarding the virtual server u applied irule to? i don't think so. i think it should be https virtual server (not forwarding one).
btw, what exactly do u want to do?
is there anything i missed??
- Scott_82463
Nimbostratus
Sorry, I'm confused by all the terminology, which I'm sure is leading to the confusion for everyone else.
Basically, I want to be able to type a URL into my web browser that returns the HTML "Hello World" from my F5 image.
My Hello World iRule is listed above, and various people have told me that it should work. However, the F5 image is configured with HTTPS and it redirects all HTTP traffic to HTTPS, which means the iRule isn't getting triggered because it's only looking for HTTP (at least as I understand it, I could be wrong).
I'm trying to hit the iRule by typing in https://1.1.1.1/mytest, where 1.1.1.1 is the IP of the F5 image that I log into with Putty. If I just type https://1.1.1.1, it takes me to the F5 configuration GUI.
I don't actually know what vs_forwarding is, it was just the only virtual server from the list that didn't look like it was being used for something specific internal to the company. Is there supposed to be a virtual server set up for the F5 image as a whole that uses the IP that I use for Putty?
Thanks!
- nitass
Employee
just for example. hope this helps.
    mgmt 172.28.16.16 {
       netmask 255.255.255.0
    }
    self 172.28.17.40 {
       netmask 255.255.255.0
       vlan external
       allow default
    }
    virtual bar {
       destination 172.28.17.44:https
       ip protocol tcp
       rules myrule
       profiles {
          clientssl {
             clientside
          }
          http {}
          tcp {}
       }
    }
    rule myrule {
       when HTTP_REQUEST {
          if { [HTTP::uri] eq "/mytest" } {
             log local0. "Hello World"
             HTTP::respond 200 content "Hello World" "Content-Type" "text/xml"
          }
       }
    }

    curl -ik https://172.28.17.44/mytest
    HTTP/1.0 200 OK
    Content-Type: text/xml
    Server: BigIP
    Connection: Keep-Alive
    Content-Length: 11
    Hello World
- Scott_82463
Nimbostratus
I'm looking through a lot of what I have right now on the F5 and it looks like I'm missing a lot of the things you listed. Most notably, I wasn't even aware that you had to assign iRules to virtual servers for them to do anything. However, I'm still having a few problems configuring my F5 to what you listed. Do you have any links that show how to configure all of those fields using the F5 GUI (or via command line, either way works for me)?
Thanks!
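
Added example, not part of the thread and not F5's or any poster's code: a shell helper for the two questions the thread turns on, namely which virtual server an iRule is attached to and whether that virtual server carries the http (and clientssl) profiles that HTTP_REQUEST depends on. It assumes the brace-delimited bigip.conf layout shown in the replies above with a single-line `rules <name>` entry; the function names and the `plain_tcp` stanza are made up for illustration.

```shell
# list_virtuals: bigip.conf on stdin -> one line per virtual: name destination rule profiles
list_virtuals() {
  awk '
    $1 == "virtual" && $3 == "{" && depth == 0 {
      name = $2; dest = "-"; rule = "-"; profs = ""; depth = 1; next
    }
    depth == 0 { next }                          # outside a virtual stanza
    depth == 1 { inprof = ($1 == "profiles") }   # entering or leaving profiles
    depth == 1 && $1 == "destination" { dest = $2 }
    depth == 1 && $1 == "rules" && $2 != "{" { rule = $2 }
    depth == 2 && inprof && $1 != "}" { profs = profs (profs == "" ? "" : ",") $1 }
    {
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track brace nesting
      if (depth == 0) print name, dest, rule, (profs == "" ? "-" : profs)
    }'
}
# where_is_rule RULE: virtuals using RULE; HTTP_REQUEST needs http (+clientssl for HTTPS).
where_is_rule() {
  list_virtuals | awk -v r="$1" '
    $3 == r {
      p = "," $4 ","
      note = (p ~ /,http,/ ? "http" : "no-http-profile") (p ~ /,clientssl,/ ? "+clientssl" : "")
      print $1, $2, note; found = 1
    }
    END { if (!found) print r, "-", "not-attached" }'
}
# Constructed sample in the layout shown in the thread; plain_tcp is made up.
sample_conf() { cat <<'EOF'
virtual bar {
   destination 172.28.17.44:https
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      http {}
      tcp {}
   }
}
virtual plain_tcp {
   destination 172.28.17.45:https
   rules myrule
   profiles {
      tcp {}
   }
}
EOF
}
sample_conf | where_is_rule myrule
```

On the device the same check is `where_is_rule myrule < /config/bigip.conf`, which reports only names, destinations and profile status, so a configuration too large or too confidential to post never has to leave the box.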
