Forum Discussion
Hmm, not quite, I think.
Isn't it the client who makes the actual call to the backend server, y.domain.com?
x.domain.com responds with a 302 to the client with a new location header and the client tries to make a new request to the new location?
In your scenario, x.domain.com makes the actual request to y.domain.com in the back, right?
But if there is a way to accomplish that instead, I'm in! :) but I'm not sure how to do that really..
Best regards,
Johan
Hi Johan,
Hmm, it's getting tricky... ;) Without knowing the full application or configuration, I'm pretty stumped. My gut feel would be now that there is something missing in the VPE (maybe a branch that's not accepting that domain name, or a certain policy branch that gets taken that wasn't as expected).
Seeing that the policy DOES get redirected to the z.xxxx domain, it means it's on the right track.
Here are some further troubleshooting tips:
- Using the log entries for the session, check how the session for y.xxxxxx flows through the access policy.
- Add a few Message Box agents to branches that may see the traffic from y.xxxxx and confirm that the policy follows the path through the policy that you expect it to take.
- By putting a Message Box just before you end up at a "Deny" in a policy, you can keep a session alive to investigate what the session variables look like and possibly spot some issues in there.
Besides that, I'm not sure if I can help much further. Maybe someone else around here has an idea (and can possibly spot the error in my logic ;), or you could bring the case to F5 support.