Forum Discussion
problem on https and http on vs
I have a VS with a lot of custom things on it, with SSL offloading on the F5. I need to figure out how I'm going to get this to work on http and https. Client side everything is https and server side everything is http. This is the VS:
```
    destination 10.211.184.100:20175
    ip-protocol tcp
    mask 255.255.255.255
    partition SOA
    pool pool_ttl_dev
    profiles {
        /Common/tcp { }
        /Common/wilcard_mtn {
            context clientside
        }
        SOA_Profile { }
        SOA_expression { }
    }
    rules {
        Logging
        Irule_ttl_dev_http
        Streaming_SOA
    }
    snat automap
    vlans-disabled
}
```
This is my http profile.
```
ltm profile http SOA_Profile {
    app-service none
    basic-auth-realm none
    defaults-from /Common/http
    encrypt-cookies none
    fallback-host none
    fallback-status-codes none
    header-erase none
    header-insert none
    insert-xforwarded-for disabled
    lws-separator none
    lws-width 80
    max-header-count 64
    max-header-size 32768
    max-requests 0
    oneconnect-transformations enabled
    pipelining enabled
    redirect-rewrite all
    request-chunking preserve
    response-chunking selective
    response-headers-permitted none
    security disabled
    via-request preserve
    via-response preserve
}
```
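And this is the rule that I have...
```
when CLIENT_ACCEPTED {
    # Branch on the local port the client connected to
    switch [TCP::local_port] {
        80 {
            # Turn off SSL processing on both sides for port 80
            SSL::disable clientside
            SSL::disable serverside
            pool pool_ttl_dev
        }
    }
}
```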
- nitass (Employee): So, what is the problem?
- Angelo (Nimbostratus): The problem is that I need this to work like this: if you put in the URI http://www.ttl.com:20175 and https://www.ttl.com:20175, they both should work, but thus far I can only get the https to work...
- nitass (Employee): e.g.
```
[root@ve10:Active] config  b virtual bar list
virtual bar {
   translate service enable
   snat automap
   pool foo
   destination 172.28.19.79:any
   ip protocol 6
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
      switch [TCP::local_port] {
         80 { SSL::disable clientside }
         443 { }
         default { reject }
      }
   }
}
[root@ve10:Active] config  curl -I http://172.28.19.79
HTTP/1.1 200 OK
Date: Fri, 24 Aug 2012 05:22:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8

[root@ve10:Active] config  curl -Ik https://172.28.19.79
HTTP/1.1 200 OK
Date: Fri, 24 Aug 2012 05:22:22 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8
```
- Angelo (Nimbostratus): I have another problem: I have multiple backend applications running, so I can't open any on the VS. This is for a SOA implementation, thus I have the different VSs on different ports to segregate the applications: 20175 is for SOA, 20177 BAM, and so forth.
- nitass (Employee): Sorry, I misread the question. What about this one?
```
[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:20175
   ip protocol 6
   profiles {
      myclientssl {
         clientside
      }
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b profile myclientssl list
profile clientssl myclientssl {
   defaults from clientssl
   nonssl enable
}
[root@ve10:Active] config  curl -I http://172.28.19.79:20175
HTTP/1.1 200 OK
Date: Fri, 24 Aug 2012 05:42:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8

[root@ve10:Active] config  curl -Ik https://172.28.19.79:20175
HTTP/1.1 200 OK
Date: Fri, 24 Aug 2012 05:42:24 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8
```
- Angelo (Nimbostratus): Thanks Nitass, it's working.
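
Added example, not part of the original thread and not F5's code: once a port accepts both TLS and cleartext HTTP (as with `nonssl enable` above), the two kinds of connection can be told apart by the first bytes the client sends, which lets an operator list the clients still arriving in cleartext. The function names, addresses, the `/soa` path and the byte strings below are constructed assumptions.

```python
import struct

HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sent: tls, sslv2, http, need-more, unknown."""
    if len(data) < 5:
        return "need-more"          # a TLS record header alone is 5 bytes
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # TLS record header: type 22 (handshake), version 3.x, plausible length.
    if ctype == 0x16 and major == 0x03 and minor <= 0x04 and 0 < length <= 16384:
        # If the handshake header is present it must be a ClientHello (type 1).
        if len(data) > 5 and data[5] != 0x01:
            return "unknown"
        return "tls"
    # SSLv2-format ClientHello: length with high bit set, type 1, then version.
    if data[0] & 0x80 and data[2] == 0x01 and (data[3:5] == b"\x00\x02" or data[3] == 0x03):
        return "sslv2"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def cleartext_clients(samples):
    """Return the sorted client addresses whose connection opened with plaintext HTTP."""
    return sorted({ip for ip, first in samples if classify_first_bytes(first) == "http"})

# Constructed samples (documentation addresses, hand-built byte strings).
SAMPLES = [
    ("192.0.2.10", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("192.0.2.11", b"GET / HTTP/1.1\r\nHost: www.ttl.com:20175\r\n\r\n"),
    ("192.0.2.12", b"\x80\x2e\x01\x00\x02\x00\x15\x00\x00\x00\x10"),
    ("192.0.2.13", b"SSH-2.0-client\r\n"),
    ("192.0.2.11", b"POST /soa HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for ip, first in SAMPLES:
        print(ip, classify_first_bytes(first))
    print("cleartext:", cleartext_clients(SAMPLES))
```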