For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kfriend_50715's avatar
kfriend_50715
Icon for Nimbostratus rankNimbostratus
Apr 13, 2012

SSL offload on Apache/Tomcat persistance and append issues

Hello all.

 

 

I'm not much of an ace when it comes to the F5 LTM's. I'm running version 10.something and I've been trying to get an application called "UNANET" (online time cards) functioning behind the load balancer.

 

 

I followed the Tomcat/Apache deployment manuals and it's a pretty straightforward setup. I have two virtual servers, one is an http that redirects to the https. I have an append rule that adds the complete path to the base url. (i.e. myserver - append /somedir/login)

 

 

 

My initial setup, which I believe had COOKIE as persistance, resulted in the login appearing not to work. If you typed the correct password, the application would just clear out the username and password fields but it would not display an error. Oddly, we discovered if you typed in the right FOLLOWED BY THE WRONG password suddenly the menu options for the application became available. I continued to toy around with different persistance options and I was unable to fix this.

 

 

I believe I changed the persistance option to universal and at that point upon logging in, the URL would change as if it were trying to authenticate the user,however the page would not load. If you clicked BACK and hit refresh, again the menu options would appear for the application.

 

 

 

My best guess here is that my append rule is not playing well with the paths of this application. I'm not sure if I need a more complex append irule to direct the client depending on the situation. Actually I'm pretty lossed.

 

 

Any insight you can provide would be greatly appreciated.

 

 

 

Thanks.

 

 

 

Ken

 

 

 

config
design

23 Replies

Show More
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 20, 2012
    but I'm a gimp and I need to add it to my append rule also. (myserver.mydomain.com) How could I do this?

     

     

    when HTTP_REQUEST {

     

    if { [HTTP::path] equals "/" } {

     

    HTTP::redirect "/unanet"

     

    }

     

    }not sure if i understand your question correctly or not.

     

     

    do you mean something like this?

     

    HTTP::redirect "https://myserver.mydomain.com/unanet"
  • kfriend_50715's avatar
    kfriend_50715
    Icon for Nimbostratus rankNimbostratus
    Apr 20, 2012

    yes, that's exactly what I mean.

    Since the certificate is bound to *.mydomain.com if anyone goes to http://myserver or https://myserver it will give a certificate error just saying that the name isn't covered. I can handle half of it on the http virtual server by just redirecting to https FQDN %host.mydomain.com but I'm not sure how to do it on the https virtual server with that append rule in place.

    http redirect to https: 

    
when HTTP_REQUEST {
set host [HTTP::host]
HTTP::respond 302 Location "https://$host.mydomain.com/unanet"
}

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 20, 2012
    but I'm not sure how to do it on the https virtual server with that append rule in place. you will still get the certificate warning since HTTP_REQUEST event is triggered after SSL handshake.