For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

smedakkar_85975's avatar
smedakkar_85975
Icon for Nimbostratus rankNimbostratus
Jan 08, 2013

Unable to send SSL response to client

Hi,   This is my first post on this forum and before doing so, I have tried to read as much as possible to find other posts with a similar issues. Unfortunately there isn't anything out there that...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Jan 08, 2013
this is just an example configuration based on the codeshare below.

HTTP Payload Collection by Deb

https://devcentral.f5.com/wiki/irules.httppayloadcollection.ashx 

[root@ve10:Active] config  b virtual bar443 list
virtual bar443 {
   snat automap
   pool foo
   destination 172.28.19.252:443
   ip protocol 6
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      http {}
      serverssl {
         serverside
      }
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:443 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when RULE_INIT {
  set static::my_reject_page { page not found }
}

when HTTP_REQUEST {
  if { [class match -- [HTTP::uri] starts_with MyValidUris] } {
    log local0. "Request received from client: [IP::client_addr]"
    log local0. "Request content: [HTTP::method] [HTTP::uri]"
    if { [HTTP::version] eq "1.1" } {
      if { [HTTP::header is_keepalive] } {
        HTTP::header replace "Connection" "Keep-Alive"
      }
      HTTP::version "1.0"
    }
  } else {
    log local0. "Responding with error as the request's URI is not in the list of valid URIs"
    HTTP::respond 200 content $static::my_reject_page
  }
}

when HTTP_RESPONSE {
  log local0. "[HTTP::status] response received from server: [IP::server_addr]"
  if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] < 1048577 } {
    set content_length [HTTP::header "Content-Length"]
  } else {
    set content_length 1048576
  }
  log local0.info "Content Length: $content_length"
  if { $content_length > 0 } {
     HTTP::collect $content_length
  }
}

when HTTP_RESPONSE_DATA {
  log local0. "Response Payload: [HTTP::payload]"
  HTTP::release
}
}
[root@ve10:Active] config  b class MyValidUris list
class MyValidUris {
   "/valid"
}

[root@ve10:Active] config  tail -f /var/log/ltm
Jan  9 00:54:45 local/tmm info tmm[4884]: Rule myrule : Request received from client: 172.18.205.12
Jan  9 00:54:45 local/tmm info tmm[4884]: Rule myrule : Request content: GET /valid/index.html
Jan  9 00:54:45 local/tmm info tmm[4884]: Rule myrule : 200 response received from server: 200.200.200.101
Jan  9 00:54:45 local/tmm info tmm[4884]: Rule myrule : Content Length: 89
Jan  9 00:54:45 local/tmm info tmm[4884]: Rule myrule : Response Payload:    This is 101 host.