Forum Discussion
kfriend_50715
Nimbostratus
Apr 13, 2012
SSL offload on Apache/Tomcat persistence and append issues
Hello all.
I'm not much of an ace when it comes to the F5 LTMs. I'm running version 10.something and I've been trying to get an application called "UNANET" (online time cards) functioning behind the load balancer.
I followed the Tomcat/Apache deployment manuals and it's a pretty straightforward setup. I have two virtual servers, one is an http that redirects to the https. I have an append rule that adds the complete path to the base url. (i.e. myserver - append /somedir/login)
My initial setup, which I believe had COOKIE as persistence, resulted in the login appearing not to work. If you typed the correct password, the application would just clear out the username and password fields but it would not display an error. Oddly, we discovered if you typed in the right FOLLOWED BY THE WRONG password suddenly the menu options for the application became available. I continued to toy around with different persistence options and I was unable to fix this.
I believe I changed the persistence option to universal and at that point upon logging in, the URL would change as if it were trying to authenticate the user; however, the page would not load. If you clicked BACK and hit refresh, again the menu options would appear for the application.
My best guess here is that my append rule is not playing well with the paths of this application. I'm not sure if I need a more complex append iRule to direct the client depending on the situation. Actually I'm pretty lost.
Any insight you can provide would be greatly appreciated.
Thanks.
Ken
23 Replies
- Michael_Yates
Nimbostratus
Hi kfriend,
Can you post your path completion iRule so that we can see it, or try this and let us know if the problem persists:
when HTTP_REQUEST {
    # Requests for the bare root get an HTTP redirect to the start page
    if { [HTTP::path] equals "/" } {
        HTTP::redirect "/somewhere/else.html"
    }
}
Another option is to remove the iRule altogether and attempt to use the site without any iRules applied (you would be supplying the full URL) and see if you get the same type of behavior.
- kfriend_50715
Nimbostratus
Mr. Yates, Thanks for your response. Here is the current rule I have:
when HTTP_REQUEST {
    # Requests for the bare root have their URI rewritten before reaching the pool (no redirect is sent to the client)
    if { ([HTTP::uri] == "/") } {
        HTTP::uri /unanet/action/login
    }
}
But the problem is this. The base URL of the physical server (only one server in the pool right now) is obviously "someserver.mynetwork.com". However, there is a REDIRECT on the physical server that takes you to:
someserver.mynetwork.com/unanet/action/home to login
once credentials are supplied I believe this bounces off:
unanet/action/login/validate
As it stands, with my current persistence option and iRule in place, when I login, I end up at "INTERNET EXPLORER CANNOT DISPLAY THE WEBPAGE" (address: someserver.mynetwork.com/unanet/action/logon/validate)
Now if I click BACK I have a blank authentication page, but if I click the login link (which goes to server/unanet/action/login) I end up seeing the menu options as if I'm logged in. So if I click "TIME" / someserver.mynetwork.com/unanet/action/time the page loads. But if I click to edit a timesheet: someserver.mynetwork.com/unanet/action/time/preedit?timesheetkey=35228 the page cannot be displayed.
I'm lost with where my problem is.
- nitass
Employee
have you tried the irule Michael suggested? how was it?
by the way, have you ever used http analyzer? i think it might be useful when troubleshooting.
HttpFox
https://addons.mozilla.org/en-US/firefox/addon/httpfox/
- kfriend_50715
Nimbostratus
Nitass,
Sorry, I JUST noticed the rule he posted was different than the one I was using. I'll try the updated iRule and see what happens. Thanks
- kfriend_50715
Nimbostratus
I tried the other iRule and I also noticed he said to try without an iRule. Between each change I disabled/re-enabled the virtual server.
It seems closer but no cigar here yet.
If I go to https://myserver/unanet it shoots me to https://myserver/unanet/action/home to login. Upon login it sends me to:
https://myserver/unanet/action/login/validate as 404.
If I type in the url again: https://myserver/unanet I'm logged in. But if I try to click to bring up a timesheet (https://myserver/unanet/action/time/preedit?timesheetkey=35228) I get 404. But if I click HELP LINK https://myserver/unanet/docs
preferences: https://myserver/unanet/action/preferences or various other links: https://myserver/unanet/action/preferences/dashboard/projects?personkey=50 they all appear to work happily.
I'm not sure what/where the problem is...confusing to me.
- nitass
Employee
https://myserver/unanet/action/login/validate
https://myserver/unanet/action/time/preedit?timesheetkey=35228
what are these urls when accessing webserver directly (without bigip)?
- kfriend_50715
Nimbostratus
Base url is:
http://realserver/unanet/action/home
On login the /unanet/action/login/validate page happens so quickly you don't even see it happen.
Then editing a timesheet: http://realserver/unanet/action/time/preedit?timesheetkey=35228
So the URLs are matching up, I'm just not sure why some URLs are working and some paths are not. If there are logs or something that I could look at that would provide more insight to the problem just point me in the right direction. I'm completely lost here.
- nitass
Employee
"On login the /unanet/action/login/validate page happens so quickly you don't even see it happen."
have you tried HttpFox? didn't it help?
- kfriend_50715
Nimbostratus
I don't even know what HttpFox is or what it does. I'll google around for it and post back with my findings / results, unless you have more insight on it that you can provide.
- nitass
Employee
you will love it. :D
HttpFox: The Firefox add-on you can't live without
https://devcentral.f5.com/weblogs/macvittie/archive/2008/09/26/httpfox-the-firefox-add-on-you-cant-live-without.aspx
