Forum Discussion
Source IP and match http host
I think that I actually have another problem. Now I tried to configure an iRule where I tell it that if HTTP::host contains abc.abc.com it should use test_pool, but it is not working :(
I created a VS with service port 443, protocol TCP, Protocol Profile tcp, HTTP Profile http, and SSL Profile (Client) SSS.COM
I created this iRule:
when HTTP_REQUEST {
    if { [HTTP::host] contains "abc.abc.com" } {
        pool test_pool
    }
}
I have the same VS with the same setup, just instead of forwarding to a pool I am using a redirect to an external URL, and that is working fine.
Please help and tell me what I am doing wrong :(
- Nicolas_DE_2299 Jan 28, 2019
Nimbostratus
I don't see any issue with your iRule except a problem of case sensitivity. It's good practice to add "string tolower" to eliminate case in your host comparison.
If you try this iRule, do you see the log in /var/log/ltm when a client requests abc.abc.com?
when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] contains "abc.abc.com" } {
        log local0. "Inside IF, forward to test_pool"
        pool test_pool
    }
}
If yes, your problem is somewhere else.
- sniffer_375425 Jan 28, 2019
Nimbostratus
Yes, I can see the line from the code.
Hmm, now I need to find where the problem is :(
I also see that on the VS the connection is established and in the iRule statistics the total executions increment.
Tnx for this Nicolas, and of course if you have an idea what I can check next, please feel free to write :D :D
Cheers.
- Nicolas_DE_2299 Jan 28, 2019
Nimbostratus
Next step is network troubleshooting. TCPDump will be useful for that; you can find all the information required here: https://support.f5.com/csp/article/K411
Good luck!
- sniffer_375425 Jan 29, 2019
Nimbostratus
Hi Nicolas,
The first code that you posted is working, you were right, I made a mistake somewhere :(
I did a tcpdump on the F5 and regarding the F5 everything looks fine. I think that it is something with SSL offloading but no idea what; maybe you have experience with it.
Behind the F5 I have a web application proxy and it is used for user authentication. Also on this WAP there are rules to forward/redirect requests to the end node (https://abc.abc.com -> https://xzy.xzy.com).
When I configure my F5 with client_accepted and forward to the pool (2 x web app proxy), then the WAP does its job and it is working, but when I use SSL offloading and do the same thing it is not working :(
If I am using a VS with service 443 and do SSL offloading so I can see some data in it, how should I send this to the WAP after that?
I hope that you understand my setup and what is wrong.
Thanks.
- Nicolas_DE_2299 Jan 30, 2019
Nimbostratus
I don't understand your question, can you clarify please?
- sniffer_375425 Jan 30, 2019
Nimbostratus
Yes sure m8, I think that I found what the issue is.
My setup is like this:
client -> F5 -> WebApplicationProxy -> end server
The HTTPS request goes to the F5; on the F5 I am doing offloading so I can see the header, and then I need to encrypt again and forward to the WAP using 443, then this WAP forwards to the end server.
For SSL offloading I used an SSL Profile Client, and I assume that I need to use an SSL Profile Server so I can encrypt and send.
But one strange situation is that when I am doing tcpdump I am getting:
10:29:11.657560 IP aa.aa.aa.aa.59013 > bb.bb.bb.bb.https: Flags [S], seq 2045310198, win 4176, options [mss 1392,nop,nop,TS val 2655931073 ecr 0,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/test
10:29:11.658221 IP bb.bb.bb.bb.https > aa.aa.aa.aa.59013: Flags [S.], seq 843165656, ack 2045310199, win 8192, options [mss 1460,sackOK,TS val 342693484 ecr 2655931073], length 0 in slot1/tmm0 lis=/Common/test
10:29:11.658248 IP aa.aa.aa.aa.59013 > bb.bb.bb.bb.https: Flags [.], ack 1, win 4176, options [nop,nop,TS val 2655931074 ecr 342693484], length 0 out slot1/tmm0 lis=/Common/test
10:29:11.658275 IP aa.aa.aa.aa.59013 > bb.bb.bb.bb.https: Flags [P.], seq 1:161, ack 1, win 4176, options [nop,nop,TS val 2655931074 ecr 342693484], length 160 out slot1/tmm0 lis=/Common/test
10:29:11.658692 IP bb.bb.bb.bb.https > aa.aa.aa.aa.59013: Flags [R.], seq 1, ack 161, win 0, length 0 in slot1/tmm0 lis=/Common/test
aa.aa.aa.aa is the F5 and bb.bb.bb.bb is the WAP server, and it seems like TCP is restarted by bb :(
- Nicolas_DE_2299 Jan 30, 2019
Nimbostratus
No SSL handshake is visible in your tcpdump. If your WAP requires SSL communication then it's normal behavior to send a Reset.
Probably a problem with the configuration of the SSL server-side profile in your VS.
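The distinction drawn in the last reply, as an added example that is not part of the thread or F5 code: a Python check that takes the first payload bytes sent to the pool member after the TCP handshake (obtained from a capture that includes payload) and reports whether they start a TLS ClientHello or are cleartext HTTP. The function names and both sample byte strings are constructed for illustration.

```python
import struct

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}

def classify_first_payload(data: bytes) -> str:
    """Classify the first segment sent to the pool member after the TCP handshake."""
    # TLS record header: content type (1), version (2), length (2); then handshake type.
    if len(data) >= 6:
        rec_type, major, _minor, rec_len = struct.unpack("!BBBH", data[:5])
        if rec_type == 22 and major == 3 and 0 < rec_len <= 2 ** 14:
            return "tls-client-hello" if data[5] == 1 else "tls-handshake-other"
    # Cleartext HTTP request line: METHOD SP target SP HTTP/x.y
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        return "cleartext-http"
    return "unknown"

def cleartext_host(data: bytes):
    """Return the lower-cased Host header of a cleartext request, or None."""
    for line in data.split(b"\r\n")[1:]:
        if not line:            # blank line ends the header block
            break
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower()
    return None

# Constructed samples (not taken from the thread's capture).
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: ABC.abc.com\r\nAccept: */*\r\n\r\n"
# Record header (handshake, TLS 1.0 record version, 160 bytes) + start of a ClientHello.
SAMPLE_TLS = bytes.fromhex("16030100a0" "0100009c" "0303") + bytes(150)

if __name__ == "__main__":
    for label, payload in (("http", SAMPLE_HTTP), ("tls", SAMPLE_TLS)):
        print(label, classify_first_payload(payload), cleartext_host(payload))
```

A "cleartext-http" result for traffic leaving the F5 toward port 443 means the request is being sent unencrypted on the server side, which matches a virtual server that has a client SSL profile but no server SSL profile.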