For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Steve_Kelly_126's avatar
Steve_Kelly_126
Icon for Nimbostratus rankNimbostratus
Jan 17, 2013

Intercepting crossdomain.xml requests irule works with HTTP but not with HTTPS - please help

Hi

 

I made an iRule to intercept flash client requests for the crossdomain.xml file, and masked it with another xml. This all works fine with HTTP request, but when trying to add the iRule to another virtual server using HTTPS and SSL offloading i get the following:

 

01070394:3: HTTP_REQUEST event in rule (faceme_set_crossdomain) requires an associated HTTP or FASTHTTP profile on the virtual server (vs_dev_faceme_rtmp).

 

I'm a bit of a newb so please be gentle, but any help would be appreciated.

 

I also tried, setting an HTTP Profile in the virtual server but, client requests seemed to fall into a hole.

 

 

application delivery
dev
devops
iRules

8 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 17, 2013

    Hey Steve. There's no reason the iRule shouldn't work on a SSL terminating standard Virtual Server. Two questions;

     

     

    1) Are there other iRules assigned to the SSL VS?

     

    2) Could you post the VS configuration from the CLI: tmsh list ltm virtual 'name'

     

  • Steve_Kelly_126's avatar
    Steve_Kelly_126
    Icon for Nimbostratus rankNimbostratus
    Jan 17, 2013

    Thanks Steve for your quick reply, there are no other iRules assigned to the SSL VS, and here's the VS info:

     

     

    ltm virtual vs_dev_faceme_rtmp {

     

    destination 123.100.113.198:https

     

    ip-protocol tcp

     

    mask 255.255.255.255

     

    pool dev_rtmp

     

    profiles {

     

    dev_stream1_ssl {

     

    context clientside

     

    }

     

    tcp { }

     

    }

     

    }

     

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 18, 2013
    i do not think http profile is applicable.

     

     

    Real Time Messaging Protocol

     

    http://en.wikipedia.org/wiki/Real_Time_Messaging_Protocol
  • Steve_Kelly_126's avatar
    Steve_Kelly_126
    Icon for Nimbostratus rankNimbostratus
    Jan 20, 2013
    Hi Yeah the rtmp session is wrapped in an ssl session actually. We are using the rtmps protocol.
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 21, 2013
    OK, in which case you'll not be able to use HTTP related events. Perhaps you can post the code (suitably secured) and we can find a different way?
  • Steve_Kelly_126's avatar
    Steve_Kelly_126
    Icon for Nimbostratus rankNimbostratus
    Jan 22, 2013
    Here's the iRule (no problem with it being unsecured):

     

     

    when HTTP_REQUEST {

     

    log local0.info "GOT REQUEST"

     

     

    set crossdomain {

     

     

     

     

     

     

     

    }

     

     

    if { [HTTP::path] equals "/crossdomain.xml"} {

     

     

    log local0.info "CAUGHT CROSSDOMAIN REQUEST"

     

    HTTP::respond 200 content $crossdomain

     

    HTTP::release

     

     

    } else {

     

     

    log local0.info "MOVING ON"

     

     

    return

     

     

    }

     

     

    }
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jan 22, 2013
    OK, so as I said, we can't use the HTTP events. Would you be able to do a tcpdump to see what the request for this resource actually looks like please? We could then probably search for it and use TCP::respond to send the response. Shame there's no built in support for RTMP.