For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

David_Newman_10's avatar
David_Newman_10
Icon for Nimbostratus rankNimbostratus
May 06, 2005

Run with HTTP

 

I would like to run the icontrol axis client using HTTP so that I can funnel the requests/responses via tcpmon for debugging and analysis purposes.

 

 

How can I alter the icontrol Web server on the BIG-IP to also listen on port 80?

 

 

Thanks,

 

 

David
dev
devops
iControl

5 Replies

  • Loc_Pham_101863's avatar
    Loc_Pham_101863
    Historic F5 Account
    May 06, 2005
    Note that editing /config/httpd/conf/httpd.conf is dangerous and should only be done if you know what you're doing, or risk messing up your system. With that said, you can modify the following line in httpd.conf file as follows:

     

     

    From:

     

    Listen localhost:80

     

     

    To:

     

    Listen 80

     

     

    After saving the file, restart the Apache web server:

     

    bigstart restart httpd

     

     

    That's it.

     

    Loc
  • Joe_Pruitt's avatar
    Joe_Pruitt
    May 06, 2005
    We don't recommend altering the webserver on the BIG-IP to remove security. By doing so, the client credentials will be sent across the wire in clear text allowing someone sniffing around to gain access to your device. Since iControl and the administrative GUI all run under the same context, changing one will change the other as well.

     

     

    For java clients, the J2SE code has a built in tracing facility that will dump all SSL contents in clear text, which is what it seems is what you want to do.

     

     

    Adding this to your runtime arguments (or somewhere in your code) will dump all ssl traces to stdout.

     

     

    -Djavax.net.debug=ssl

     

     

    If you look at the run.sh[bat] scripts in the SDK for each of the sample applications, we include this flag commented out. If you uncomment it, you'll get all the tracing you could want.

     

     

    If this solution doesn't work for you, you can contact F5 Product Technical support to get the help on this. Since I'm not sure how altering the webserver configuration would violate your support contract, I'd really suggest you contact them. If this is just a testing environment, and you are willing to take the risks on your own, we are using an Apache webserver and the documentation on the Apache website will tell you how to enable other ports.

     

     

    Just, if you do make the change, make sure you understand and accept the consequences.

     

     

    -Joe
  • Joe_Pruitt's avatar
    Joe_Pruitt
    May 06, 2005
    Well, looks like locph beat me to the post.

     

     

    Just be sure you do not enable this in a production environment.

     

     

    -Joe
  • Loc_Pham_101863's avatar
    Loc_Pham_101863
    Historic F5 Account
    May 06, 2005
    Yes, Joe is correct in that you should not do this in the production environment. I was assuming that you would only do this for debugging/analysis purposes.

     

     

    Loc
  • David_Newman_10's avatar
    David_Newman_10
    Icon for Nimbostratus rankNimbostratus
    May 06, 2005
    Absolutely agree with the warnings regarding security. This is only to be done in a test environment.

     

     

    Thanks,

     

     

    David