Forum Discussion

Jace_45978's avatar
Jace_45978
Icon for Nimbostratus rankNimbostratus
Apr 26, 2013

uri redirect irule help

Hello.   I have a couple VIPS in place that I am testing with trying to get it working.   BIG-IP Version 10.2.2 969.0   Hotfix HF4 Edition   virtuals:   virtual test_80 {   dest...
application delivery
dev
devops
irules
nitass's avatar
nitass
Icon for Employee rankEmployee
Apr 28, 2013
i think you may try http analyzer tool or tcpdump/ssldump to see what is going on.

HttpFox (http analyzer tool)

https://addons.mozilla.org/en-us/firefox/addon/httpfox/

for tcpdump, you can run on interface 0.0 and filter by using vip and pool member ip and port

tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap '(host 10.88.14.29 and port 443) or (host 10.88.5.30 or host 10.88.5.31 and port 8080)'

How to Decrypt SSL and TLS Traffic using Wireshark

http://support.citrix.com/article/CTX116557

by the way, this is my testing. 

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:443
   ip protocol 6
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:8080 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   if {[HTTP::uri] equals "/snoop"} {
     HTTP::uri "/snoop"
   }
   HTTP::header replace Host "[HTTP::host]:8080"

   if {[HTTP::uri] equals "/"} {
      HTTP::redirect "https://qa.domain.com/something/home"
   }
}
}

 /

[root@centos17 ~] curl -ik https://172.28.19.252/ -H "Host: qa.domain.com"     HTTP/1.0 302 Found
Location: https://qa.domain.com/something/home
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

 /snoop

[root@ve10:Active] config  ssldump -Aed -nni 0.0 port 443 or port 8080 -k /config/ssl/ssl.key/default.key
New TCP connection 1: 172.28.20.17(36425) <-> 172.28.19.252(443)
1 1  1367142991.8771 (0.0168)  C>S SSLv2 compatible client hello
1 2  1367142991.8771 (0.0000)  S>CV3.1(81)  Handshake
1 3  1367142991.8771 (0.0000)  S>CV3.1(953)  Handshake
1 4  1367142991.8771 (0.0000)  S>CV3.1(4)  Handshake
1 5  1367142991.8790 (0.0019)  C>SV3.1(262)  Handshake
1 6  1367142991.8790 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
1 7  1367142991.8790 (0.0000)  C>SV3.1(36)  Handshake
1 8  1367142991.8968 (0.0177)  S>CV3.1(1)  ChangeCipherSpec
1 9  1367142991.8968 (0.0000)  S>CV3.1(36)  Handshake
1 10 1367142991.8982 (0.0014)  C>SV3.1(180)  application_data
    ---------------------------------------------------------------
    GET /snoop HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Accept: */*
    Host: qa.domain.com

    ---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(36425) <-> 200.200.200.101(8080)
1367142991.8990 (0.0007)  C>S
---------------------------------------------------------------
GET /snoop HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: qa.domain.com:8080

---------------------------------------------------------------