Forum Discussion
Problems with local traffic policies while using http-uri scheme or port conditions
A local traffic policy rule does not work:
I inserted a new local traffic policy:
- requires: http
- controls: forwarding
Then I added a policy rule with:
Operand:http-uri Event:request Selector:scheme Condition:equals Values:http
That rule does not fire. Additionally, modifying the rule to use port with value 80 does not work either.
Another rule:
Operand:http-host Event:request Selector:Port Values:80
does not work either.
But, if I use another Selector like http-uri -> path or so, that works.
F5 Version: 11.5.1
What is wrong? Is that functionality not yet implemented?
4 Replies
- centur_140148
Nimbostratus
The condition part in bigip.conf looks like that:
    conditions { 0 { http-uri scheme values { http } } }
I discovered that none of http-uri -> all, scheme, port, host is working as expected.
On top, the policy control "tcp" seems not to work either: I selected the tcp control and then tried to define a condition like tcp -> Port 80 -> do something.
- Peter_Baumann_5
Nimbostratus
"I discovered that none of http-uri -> all, scheme, port, host is working as expected." -> I can confirm that this is also NOT working with v11.6.0 HF4
- Peter_Baumann
Cirrostratus
I figured out more on this. Check out the following link: http://www8.org/w8-papers/5c-protocols/key/key.html under "Internet address conservation". In HTTP/1.1 a Host header is a MUST; in HTTP/1.0 a Host header is a MAY. So you're only able to use the http-host operand when it is HTTP/1.1; when it is HTTP/1.0 it MAY not work ;-)
- nitass
Employee
I understand http-uri's scheme is for proxy requests.
configuration

    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:80
        ip-protocol tcp
        mask 255.255.255.255
        policies {
            cpm1 { }
        }
        profiles {
            http { }
            tcp { }
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 18
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool proxyp
    ltm pool proxyp {
        members {
            172.28.24.1:3128 {
                address 172.28.24.1
            }
        }
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm policy cpm1
    ltm policy cpm1 {
        controls { forwarding }
        requires { tcp http }
        rules {
            rule1 {
                actions {
                    0 {
                        forward
                        select
                        pool proxyp
                    }
                }
                conditions {
                    0 {
                        http-uri
                        scheme
                        values { http }
                    }
                }
                ordinal 1
            }
        }
        strategy first-match
    }

trace

    [root@ve11a:Active:In Sync] config ssldump -Aed -nni 0.0 port 80 or port 3128
    New TCP connection 1: 192.168.206.117(50517) <-> 172.28.24.10(80)
    1433405981.6632 (0.0036) C>S
    ---------------------------------------------------------------
    GET http://www.starbucks.com/ HTTP/1.1
    Host: www.starbucks.com
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    ---------------------------------------------------------------
    New TCP connection 2: 172.28.24.14(50517) <-> 172.28.24.1(3128)
    1433405981.6648 (0.0014) C>S
    ---------------------------------------------------------------
    GET http://www.starbucks.com/ HTTP/1.1
    Host: www.starbucks.com
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    ---------------------------------------------------------------
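An added illustration, not part of the thread and not F5's implementation, of the request-target forms behind the last reply: only an absolute-form request line, like the one in the trace, carries a scheme, host and port inside the URI itself. It assumes the condition is compared against the URI exactly as it appears on the request line; `uri_parts` and `condition_matches` are hypothetical helpers.

```python
from urllib.parse import urlsplit

EMPTY = {"scheme": "", "host": "", "port": "", "path": ""}

def uri_parts(request_line):
    """Return scheme/host/port/path as they appear in the request-target."""
    fields = request_line.strip().split(" ")
    if len(fields) != 3:
        raise ValueError("malformed request line: %r" % request_line)
    method, target, _version = fields
    if target.startswith("/") or target == "*":
        # origin-form (normal client -> server request) or asterisk-form:
        # the target carries a path only. Checked first so "//host/x" is
        # never misread as a URI with an authority part.
        return dict(EMPTY, path=target.split("?", 1)[0])
    if method == "CONNECT":
        # authority-form: "host:port", no scheme and no path.
        host, _, port = target.rpartition(":")
        return dict(EMPTY, host=host, port=port)
    # absolute-form (request sent to a forward proxy): full URI.
    u = urlsplit(target)
    return {"scheme": u.scheme.lower(), "host": u.hostname or "",
            "port": "" if u.port is None else str(u.port), "path": u.path}

def condition_matches(request_line, selector, value):
    """Model of an 'equals' condition on one URI selector (hypothetical helper)."""
    return uri_parts(request_line)[selector] == value

# Request line taken from the ssldump trace in the thread (absolute-form).
PROXY_REQ = "GET http://www.starbucks.com/ HTTP/1.1"
# Constructed sample: the same resource requested directly (origin-form).
DIRECT_REQ = "GET / HTTP/1.1"

if __name__ == "__main__":
    for req in (PROXY_REQ, DIRECT_REQ):
        print(req, "->", uri_parts(req),
              "| scheme equals http:", condition_matches(req, "scheme", "http"))
```

For the origin-form request the scheme, host and port selectors are all empty, so an "equals http" or "equals 80" comparison on them cannot match, while the path selector still has a value.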