Forum Discussion

fvi's avatar
fvi
Icon for Nimbostratus rankNimbostratus
May 11, 2021

No more http Portal Access

Hi,

I can't find why all my Portal Access ressources with an application URI in http:// are not working.

Those with https:// in URI are OK

 

Thanks

BIG-IP Access Policy Manager (APM)
security
  • AlexBCT's avatar
    AlexBCT
    May 12, 2021

    Hmm, interesting one. Here are a couple of things you could try;

    • Have you got any ACL's in the traffic path that it may match? Seen that you get a firewall log for the HTTPS version, you may have one for the HTTP version as well, but without the logging?
    • Are you using the AD configuration for anything else than authentication? E.g. maybe using group memberships for assigning ACL's? When you changed something, this may accidentally have stopped working.
    • When you log in, check in the session variables list if you get all the information from AD that you would expect to see and that any objects get assigned that you expect to be assigned (such as ACL's)
    • From the F5 CLI, you can test the communication to the backend server (using "curl http://xxxx") to confirm that is still working (or not)

     

    Hope this helps.

  • AlexBCT's avatar
    AlexBCT
    Icon for Cumulonimbus rankCumulonimbus
    May 11, 2021

    Hi,

     

    Can you give some more details on the exact problem and when it happens? And is it something that you are seeing in the F5 GUI, or in your implementation? And what version of software are you working on? And is this an implementation that was working earlier and has stopped working, or has not yet worked?

  • fvi's avatar
    fvi
    Icon for Nimbostratus rankNimbostratus
    May 11, 2021

    The version is 16.0.1.1 hotfix 0.9.6

    The implementation was working before but i have test AzureAD authentification and i may have change a parameter?

    From the user point of view, i have a "This site is inaccessible" for http:// ressources

    When i replace http:// by https:// i see a log in my firewall. With http:// i have no log in my firewall

    It seams not going out of the F5

    • AlexBCT's avatar
      AlexBCT
      Icon for Cumulonimbus rankCumulonimbus
      May 12, 2021

      Hmm, interesting one. Here are a couple of things you could try;

      • Have you got any ACL's in the traffic path that it may match? Seen that you get a firewall log for the HTTPS version, you may have one for the HTTP version as well, but without the logging?
      • Are you using the AD configuration for anything else than authentication? E.g. maybe using group memberships for assigning ACL's? When you changed something, this may accidentally have stopped working.
      • When you log in, check in the session variables list if you get all the information from AD that you would expect to see and that any objects get assigned that you expect to be assigned (such as ACL's)
      • From the F5 CLI, you can test the communication to the backend server (using "curl http://xxxx") to confirm that is still working (or not)

       

      Hope this helps.

  • fvi's avatar
    fvi
    Icon for Nimbostratus rankNimbostratus
    May 16, 2021

    Good idea, i test with curl and i was OK. Since i didn't find why, i have reset factory and recreate a test configuration. It is now OK. It will remain a mystery...

    Thankes for you help.