Forum Discussion
GavinW_29074
Nimbostratus
NimbostratusProxyPass V10 iRule issues...
Hi there,
I'm trying to set-up the ProxyPass v10 iRule from here (http://devcentral.f5.com/wiki/iRules.ProxyPassV10.ashx), and I'm hitting a few issues with Firefox...
It's probably worth noting that I've made a couple of tweaks to the rule to fit with how we intend to use it...
Top section of the rule looks like this now:
when RULE_INIT {
Enable to debug ProxyPass translations via log messages in /var/log/ltm
(2 = verbose, 1 = essential, 0 = none)
set static::ProxyPassDebug 02
Enable to rewrite page content (try a setting of 1 first)
(2 = attempt to rewrite host/path and just /path, 1 = attempt to rewrite host/path)
set static::RewriteResponsePayload 0
}
when CLIENT_ACCEPTED {
Get the default pool name. This is used later to explicitly select
the default pool for requests which don't have a pool specified in
the class.
set default_pool [LB::server pool]
if { $static::ProxyPassDebug > 1 } {
log local0. "[virtual name]: [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"[IP::local_addr]:[TCP::local_port] DefaultPool: $default_pool"
}
}
when HTTP_REQUEST {
"bypass" tracks whether or not we made any changes inbound so we
can skip changes on the outbound traffic for greater efficiency.
set bypass 1
The name of the Data Group (aka class) we are going to use
set vname [getfield [virtual name] / 4]
set cname [substr $vname 0 .]
set clname "ProxyPass[virtual name]""ProxyPass_$cname"
Initialize other local variables used in this rule
set orig_uri "[HTTP::uri]"
set orig_host "[HTTP::host]"
set log_prefix "VS=[virtual name], Host=$orig_host, URI=$orig_uri"
set clientside ""
set serverside ""
set newpool ""
set ppass ""
if {! [class exists $clname]} {
log local0. "$log_prefix: Data Group $clname not found."
pool $default_pool
return
} else {
log local0. "$log_prefix: Data Group $clname found."
set ppass [class match -element "$orig_host$orig_uri" starts_with $clname]
if {$ppass eq ""} {
Did not find with hostname, look for just path
set ppass [class match -element "$orig_uri" starts_with $clname]
}
if {$ppass eq ""} {
No entries found
if { $static::ProxyPassDebug > 0 } {
log local0. "$log_prefix: No rule found"
}
Get default redirect value.
set rurl [class match -value $cname equals Root_Redirect]
if { $static::ProxyPassDebug > 0 } {
log local0. "$log_prefix: redirect found. Redirecting to $rurl"
}
HTTP::redirect "https://[HTTP::host]$rurl"
pool $default_pool
return
}
}
Basically, I've changed the name format of the datagroup that it's looking for, and added a 'Default redirect' which is used to catch either the root directory or an invalid application URL.
This code works fine in IE, however I'm consistently getting the following error in FF:Corrupted Content Error
The page you are trying to view cannot be shown because an error in the data transmission was detected.
Any ideas where this issue could come from? 21 Replies
hoolioCirrostratus
Hi Gavin,
Can you post the full rule and debug from /var/log/ltm as an attachment to this post?
Aaron
GavinW_29074Hoolio
Please find the rule attached.
The log file extract looks like:
Nov 22 17:17:20 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : /Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https: 192.168.100.208:62230 -> 172.16.26.235:443 DefaultPool: /Common/cmswokingham
Nov 22 17:17:20 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/: Data Group ProxyPass_cms found.
Nov 22 17:17:20 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/: No rule found
Nov 22 17:17:20 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/: redirect found. Redirecting to /CMSBackOffice
Nov 22 17:17:21 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/CMSBackOffice: Data Group ProxyPass_cms found.
Nov 22 17:17:21 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/CMSBackOffice: Found Rule, Client Host=cms.wokingham.card.co.uk, Client Path=/CMSBackOffice, Server Host=cms.wokingham.card.co.uk, Server Path=/CMSBackOffice
Nov 22 17:17:21 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/CMSBackOffice: Redirecting to https://cms.wokingham.card.co.uk/CMSBackOffice/
Nov 22 17:17:21 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/CMSBackOffice/: Data Group ProxyPass_cms found.
Nov 22 17:17:21 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/CMSBackOffice/: Found Rule, Client Host=cms.wokingham.card.co.uk, Client Path=/CMSBackOffice, Server Host=cms.wokingham.card.co.uk, Server Path=/CMSBackOffice
Nov 22 17:17:21 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/CMSBackOffice/: Using default pool /Common/cmswokingham
Nov 22 17:17:21 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/CMSBackOffice/: New Host=cms.wokingham.card.co.uk, New Path=/CMSBackOffice/
Nov 22 17:17:21 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/CMSBackOffice/: Changing response header Location: https://cms.wokingham.card.co.uk/CMSBackOffice/home with https://cms.wokingham.card.co.uk/CMSBackOffice/home
Nov 22 17:17:21 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : Modifying cookie JSESSIONID path from /CMSBackOffice to /CMSBackOffice
Nov 22 17:17:21 tmm1 info tmm1[6378]: Rule /Common/ProxyPass : Inserting cookie: JSESSIONID=c4826b0b66b7729fa2d92f7064c3; Path=/CMSBackOffice
Relevant data group 'ProxyPass_cms' looks like:ltm data-group internal /Common/ProxyPass_cms { records { /CMSBackOffice { data /CMSBackOffice } /CMSResources { data /CMSResources } } type string }
Cheers
Gav- hoolioIt seems like this could be caused by multiple Location headers:
http://forums.mozillazine.org/viewtopic.php?f=23&t=2284289
Can you test with a browser plugin like HttpFox for Firefox and reply here with the request/response which causes the error?
Also, it doesn't look like you're actually rewriting anything with ProxyPass as your find/replace strings are the same. What are you trying to accomplish with the iRule?
Aaron - GavinW_29074Aaron
Cheers for the update. Will pull the http logs out in the morning.
As regards what I'm trying to achieve... This is the base implementation to test the rule. Moving forward I'm going to have some urls that do need to be re-written such that the client hits a dfferent url to that on the server...
Cheers
Gav - GavinW_29074Aaron
The HTTP headers come back with:
https://cms.wokingham.card.co.uk/
GET / HTTP/1.1
Host: cms.wokingham.card.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
DNT: 1
Connection: keep-alive
HTTP/1.0 302 Found
Location: https://cms.wokingham.card.co.uk/CMSBackOffice
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
----------------------------------------------------------
https://cms.wokingham.card.co.uk/CMSBackOffice
GET /CMSBackOffice HTTP/1.1
Host: cms.wokingham.card.co.uk
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
DNT: 1
Connection: keep-alive
HTTP/1.0 302 Found
Location: https://cms.wokingham.card.co.uk/CMSBackOffice/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0 - GavinW_29074As an update, I've installed Chrome, and it's working fine...
So appears to be Firefox specific :S - GavinW_29074Have run some further testing on Chrome, and it does indeed appear that the rule is sending back 2 Location values...
See the following extract from the Chrome Developer Net tab:
Request URL:https://cms.wokingham.card.co.uk/CMSBackOffice
Request Method:GET
Status Code:302 Moved Temporarily
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Cookie:JSESSIONID=04214c461c6c74feea18a50c6769; jsonTable={"2105498430": [1322041650012, 1, 0, 0, 0], "2779550008": [1322041640311, 1, 0, 0, 0], "3714451117": [1322041650008, 1, 0, 0, 3], "v": 31295000}
Host:cms.wokingham.card.co.uk
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2
Response Headersview parsed
HTTP/1.1 302 Moved Temporarily
Location: https://cms.wokingham.card.co.uk/CMSBackOffice/home
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Location:: https://cms.wokingham.card.co.uk/CMSBackOffice/home
This redirect corresponds to the following Log entry on the F5:
Nov 23 11:58:30 tmm info tmm[6377]: Rule /Common/ProxyPass : VS=/Common/WokinghamCMS.app/cms.wokingham.card.co.uk_https, Host=cms.wokingham.card.co.uk, URI=/CMSBackOffice: Changing response header Location: https://cms.wokingham.card.co.uk/CMSBackOffice/home with https://cms.wokingham.card.co.uk/CMSBackOffice/home
More debugging to do I think... - hoolioHi Gavin,
Nice work in narrowing this down! I updated the codeshare entry to remove the extra colon on a few of the HTTP::header replace commands.
Thanks for diagnosing this.
Aaron - GavinW_29074Aaron,
No worries, glad I could be of assistance...
Plus it means I've got a fairly good understanding of this rule now :)
Cheers
Gav 
Opher_Shachar_6Hello,
I've modified the iRule to address several issues:Change the 'protocol' (https or http) of absolute URLs on rewrites (in reponses) as necessary
If doing Response Paylod rewrite then also rewite the url-encoded form of urls
Insert 'X-Forwarded-For' only if SNAT used is not 'none'
Added a new parameter to allow other modules (eg. httpclass) to select pool
Fix parsing of [virtual name] for building the ProxyPass class name
Fix Set-Cookie Domain attribute rewrite
Some cosmetic indentation fixes
Add some debug level logs
attached are two patches: one without the indentation fixes -- so you can see just what I changed; and the full patch.Regards,
Opher Shachar.
