Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Could not login with a VS on F5

FAJUMO
Nimbostratus
Nimbostratus

We have an application on port 8181 and was passed through reverse proxy.

Once we access the Application with its real IP, we can login.

but when we login in with the reverse proxy IP/FQDN we get this error : Unable to submit form.

Please i need your expertise on the issue

9 REPLIES 9

Hi Fajumo,

 

Could you share the configuration of the virtual server handling the reverse proxy requests?

the command is: tmsh list ltm virtual <name of the virtual server>

and any irules connected to this virtual server.

 

Cheers,

 

Kees

ltm virtual reverseproxy.etisalat.com.ng {

   description "Central VS to handle the untrusted published applications"

   destination 41.190.21.150:https

   ip-protocol tcp

   mask 255.255.255.255

   profiles {

       Etisalat_tcp-lan-optimized {

           context serverside

       }

       Etisalat_tcp-wan-optimized {

           context clientside

       }

       etisalat_http_profile { }

       etisalat_stream_profile { }

       serverssl {

           context serverside

       }

       wildcard1.9mobileng.com {

           context clientside

       }

   }

   rules {

       Reverse_proxy_irule

   }

   source 0.0.0.0/0

   source-address-translation {

       type automap

   }

   translate-address enabled

   translate-port enabled

   vlans {

       ExtVLAN

   }

   vlans-enabled

   vs-index 143

 

Irule is too long to add here. please send me email to send it to

 

       

Questions.

 

The webserver is listening on port 8181, it this HTTPS??

Do you need the stream profile for the Reverse_proxy_irule?

 

Please post the irule here (you can use the Code Snippet button to make it more readable.

 

Cheers,

 

Kees

 

 

when HTTP_REQUEST {

   STREAM::disable

   SSL::disable serverside

interconnectuat.9mobile.com.ng {

               log local0. "[HTTP::host] detected. Going to send to Pool interconnectuat.9mobile.com.ng"

               SSL::enable serverside

               pool interconnectuat.9mobile.com.ng

               }

Ok, during the login, are there any error's in /var/log/ltm related to this irule?

I tried to get a capure but did not see any hit

 

1. Create a new decryption irule:

 

when CLIENTSSL_HANDSHAKE {

log local0. "Client IP: [IP::client_addr] TCP source port: [TCP::remote_port] client"

log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"

log local0.debug "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]"

}

when SERVERSSL_HANDSHAKE {

log local0. "Client IP: [IP::client_addr] TCP local port: [TCP::local_port] server"

log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"

log local0.debug "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]"

}

 

2. Add this irule to your VS which is handling the affected traffic.

 

3. Run tcpdump:

 

tcpdump -envi 0.0:nnnp -s0 -w /var/tmp/"$HOSTNAME"_"$(date +%d-%m-%y)".pcap host <Your-client-IP>

 

4. Generate traffic and catch the problem.

 

5. Stop tcpdump

 

6. Disable decryption irule

 

7. Run below commands to create the files with session keys:

 

sed -e 's/^.*\(RSA Session-ID\)/\1/;tx;d;:x' /var/log/ltm > /shared/tmp/sessionsecrets.pms

 

grep -h -o 'CLIENT_RANDOM.*' /var/log/ltm > /shared/tmp/sessionsecrets_random.pms

FAJUMO
Nimbostratus
Nimbostratus

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://10.161.33.126:8181/wbs_RESTAPI/authenticateUser. (Reason: CORS request did not succeed). Status code: (null).