Forum Discussion
dp_119903
Cirrostratus
CirrostratusReally basic redirect question
I feel foolish for not knowing this but I have a really basic redirect question.
I have a server (maintained by a different team) that is listening for SSL connections on 7004 for a specific URI...
shaggy
Nimbostratus
NimbostratusCan you post the configuration for this virtual server and the iRule that you're using? Via CLI -
tmsh list ltm virtual (vs-name)You are correct - server-ssl profiles re-encrypt traffic to the pool member, and client-ssl profiles terminate SSL connections from the user at the F5. If you are receiving a 404 response, it appears as if IP/TCP traffic is properly flowing to/from the server and that SSL handshakes are occurring, the server just doesn't have the URL being requested. If traffic wasn't flowing or handshakes weren't occurring, you would see timeouts or TCP resets, assuming the iRule isn't configured to respond with a 404.
Testing via curl may also help -
curl https://(vs-ip):(vs-port)/(url) -vv
dp_119903strange, when I do the tmsh list ltm virtual i only show one virtual server (i have at least 30 configured). I am assuming this is b/c I used a template to create the virtual server...is there a way to show it if I used a template?- shaggyif all of your iApps were created in /Common, tmsh list ltm virtual recursive
- dp_119903I went ahead and deleted the app and added it manually so that I could display it here: ltm virtual MyToken_RSA_http { destination 10.5.135.223:http ip-protocol tcp mask 255.255.255.255 profiles { http { } tcp { } } rules { _sys_https_redirect } vlans-disabled } ltm virtual MyToken_RSA_https { destination 10.1.1.223:https ip-protocol tcp mask 255.255.255.255 persist { cookie { default yes } } pool MyToken_RSA_pool profiles { clientssl { context clientside } http { } serverssl { context serverside } tcp { } } rules { MyToken } vlans-disabled }
- dp_119903iRule is: when HTTP_REQUEST { Check if path is / if {[HTTP::path] eq "/"}{ Send 302 redirect to the new location HTTP::redirect https://[HTTP::host]/console-selfservice/ } }
- shaggyDo you get a 404 when you hit https://(http::host)/console-selfservice/, or when you try to access https://(http::host)/, or both?
- dp_119903Now i"m not getting a 404. I ran CURL from the CLI and I think I see the issue, but I'm not sure how to fix it. It looks like I'm getting a 302 from the server that is redirecting the virtual address to port 7004 (which doesn't work b/c the virtual is listening on 443 not 7004 - the backside server is listening on 7004) < HTTP/1.1 302 Moved Temporarily < Cache-Control: no-cache < Connection: close < Date: Wed, 08 Oct 2014 19:36:56 GMT < Pragma: No-cache < Location: https://10.x.x.x:7004/console-selfservice/SelfService.do;jsessionid=6pFZJ1SYVqYB02RFhYct1znC9pmnvmKHM1ghZW7qy72Wcxh2yGD2!1168371165!1412797016546 < Content-Type: text/html < Expires: Thu, 01 Jan 1970 00:00:00 GMT < Set-Cookie: console-selfservice-jsessionid=6pFZJ1SYVqYB02RFhYct1znC9pmnvmKHM1ghZW7qy72Wcxh2yGD2!1168371165; path=/console-selfservice; secure; HttpOnly < X-Powered-By: Servlet/3.0 JSP/2.2 < Set-Cookie: BIGipServerMyToken_RSA.app~MyToken_RSA_pool=1866138890.23579.0000; path=/ is this something that needs to be changed on the server?
- dp_119903correction, I do get a 404 when I go to https://x.x.x.x/ - not when I go to https://x.x.x.x/console-selfservice/
- shaggyCan you provide the curl output for the attempt against https://x.x.x.x/? Those requests should be redirected per the assigned iRule
natheCirrocumulus
might it be the port in the host header causing the issue? this post may help https://devcentral.f5.com/questions/http-redirect-and-port-stripping
