Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

May 11, 2021

No more http Portal Access

Hi, I can't find why all my Portal Access ressources with an application URI in http:// are not working. Those with https:// in URI are OK Thanks

BIG-IP Access Policy Manager (APM)

AlexBCT
May 12, 2021
Hmm, interesting one. Here are a couple of things you could try;
Have you got any ACL's in the traffic path that it may match? Seen that you get a firewall log for the HTTPS version, you may have one for the HTTP version as well, but without the logging?
Are you using the AD configuration for anything else than authentication? E.g. maybe using group memberships for assigning ACL's? When you changed something, this may accidentally have stopped working.
When you log in, check in the session variables list if you get all the information from AD that you would expect to see and that any objects get assigned that you expect to be assigned (such as ACL's)
From the F5 CLI, you can test the communication to the backend server (using "curl http://xxxx") to confirm that is still working (or not)

Hope this helps.

Icon for Nimbostratus rank

Nimbostratus

May 11, 2021

The version is 16.0.1.1 hotfix 0.9.6

The implementation was working before but i have test AzureAD authentification and i may have change a parameter?

From the user point of view, i have a "This site is inaccessible" for http:// ressources

When i replace http:// by https:// i see a log in my firewall. With http:// i have no log in my firewall

It seams not going out of the F5

AlexBCT
Cumulonimbus
May 12, 2021
Hmm, interesting one. Here are a couple of things you could try;
Have you got any ACL's in the traffic path that it may match? Seen that you get a firewall log for the HTTPS version, you may have one for the HTTP version as well, but without the logging?
Are you using the AD configuration for anything else than authentication? E.g. maybe using group memberships for assigning ACL's? When you changed something, this may accidentally have stopped working.
When you log in, check in the session variables list if you get all the information from AD that you would expect to see and that any objects get assigned that you expect to be assigned (such as ACL's)
From the F5 CLI, you can test the communication to the backend server (using "curl http://xxxx") to confirm that is still working (or not)

Hope this helps.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming