Run with HTTP

Question

&nbsp; I would like to run the icontrol axis client using HTTP so that I can funnel the requests/responses via tcpmon for debugging and analysis purposes. 
&nbsp;  
&nbsp; How can I alter the icontrol Web server on the BIG-IP to also listen on port 80? 
&nbsp;  
&nbsp; Thanks, 
&nbsp;  
&nbsp; David

loc_pham_101863 · Answer

Note that editing /config/httpd/conf/httpd.conf is dangerous and should only be done if you know what you're doing, or risk messing up your system.  With that said, you can modify the following line in httpd.conf file as follows: 
&nbsp;  
&nbsp; From: 
&nbsp; Listen localhost:80 
&nbsp;  
&nbsp; To: 
&nbsp; Listen 80 
&nbsp;  
&nbsp; After saving the file, restart the Apache web server: 
&nbsp; bigstart restart httpd 
&nbsp;  
&nbsp; That's it. 
&nbsp; Loc

joe_pruitt · Answer

We don't recommend altering the webserver on the BIG-IP to remove security.  By doing so, the client credentials will be sent across the wire in clear text allowing someone sniffing around to gain access to your device.  Since iControl and the administrative GUI all run under the same context, changing one will change the other as well. 
&nbsp;  
&nbsp; For java clients, the J2SE code has a built in tracing facility that will dump all SSL contents in clear text, which is what it seems is what you want to do. 
&nbsp;  
&nbsp; Adding this to your runtime arguments (or somewhere in your code) will dump all ssl traces to stdout. 
&nbsp;  
&nbsp; -Djavax.net.debug=ssl 
&nbsp;  
&nbsp; If you look at the run.sh[bat] scripts in the SDK for each of the sample applications, we include this flag commented out.  If you uncomment it, you'll get all the tracing you could want. 
&nbsp;  
&nbsp; If this solution doesn't work for you, you can contact F5 Product Technical support to get the help on this.  Since I'm not sure how altering the webserver configuration would violate your support contract, I'd really suggest you contact them.  If this is just a testing environment, and you are willing to take the risks on your own, we are using an Apache webserver and the documentation on the Apache website will tell you how to enable other ports. 
&nbsp;  
&nbsp; Just, if you do make the change, make sure you understand and accept the consequences. 
&nbsp;  
&nbsp; -Joe

joe_pruitt · Answer

Well, looks like locph beat me to the post. 
&nbsp;  
&nbsp; Just be sure you do not enable this in a production environment. 
&nbsp;  
&nbsp; -Joe

loc_pham_101863 · Answer

Yes, Joe is correct in that you should not do this in the production environment.  I was assuming that you would only do this for debugging/analysis purposes. 
&nbsp;  
&nbsp; Loc

david_newman_10 · Answer

Absolutely agree with the warnings regarding security.  This is only to be done in a test environment. 
&nbsp;  
&nbsp; Thanks, 
&nbsp;  
&nbsp; David

Forum Discussion

Run with HTTP

5 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Recommended Study Guide, Books or Labs for F5 ASM/AWAF Module

Exchange cert upgrade on F%

email alert when service restarts

Unable to download files greater than 4GB. Running version 15.1.5.1

F5 Distributed Cloud Services Simulator Connect

Related Content

NGINX Unit running in Distributed Cloud vK8s

How to run an FTP server on Kubernetes with F5 BIG-IP

Ansible - Running bash commands with bigip_command module - How it's done

Use F5 Distributed Cloud to Connect Apps Running in Multiple Clusters and Sites

HTTP Multipart and Security Implications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS