For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

David_Newman_10's avatar
David_Newman_10
Icon for Nimbostratus rankNimbostratus
May 06, 2005

Run with HTTP

  I would like to run the icontrol axis client using HTTP so that I can funnel the requests/responses via tcpmon for debugging and analysis purposes.     How can I alter the icontrol W...
dev
devops
iControl
Joe_Pruitt's avatar
Joe_Pruitt
May 06, 2005
We don't recommend altering the webserver on the BIG-IP to remove security. By doing so, the client credentials will be sent across the wire in clear text allowing someone sniffing around to gain access to your device. Since iControl and the administrative GUI all run under the same context, changing one will change the other as well.

 

 

For java clients, the J2SE code has a built in tracing facility that will dump all SSL contents in clear text, which is what it seems is what you want to do.

 

 

Adding this to your runtime arguments (or somewhere in your code) will dump all ssl traces to stdout.

 

 

-Djavax.net.debug=ssl

 

 

If you look at the run.sh[bat] scripts in the SDK for each of the sample applications, we include this flag commented out. If you uncomment it, you'll get all the tracing you could want.

 

 

If this solution doesn't work for you, you can contact F5 Product Technical support to get the help on this. Since I'm not sure how altering the webserver configuration would violate your support contract, I'd really suggest you contact them. If this is just a testing environment, and you are willing to take the risks on your own, we are using an Apache webserver and the documentation on the Apache website will tell you how to enable other ports.

 

 

Just, if you do make the change, make sure you understand and accept the consequences.

 

 

-Joe