Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Could not login with a VS on F5

FAJUMO
Nimbostratus
Nimbostratus

‎14-Jan-2022 04:34

We have an application on port 8181 and was passed through reverse proxy.

Once we access the Application with its real IP, we can login.

but when we login in with the reverse proxy IP/FQDN we get this error : Unable to submit form.

Please i need your expertise on the issue

Labels:
0 Kudos
9 REPLIES 9

KeesvandenBos
MVP
MVP

‎14-Jan-2022 04:38

Hi Fajumo,

 

Could you share the configuration of the virtual server handling the reverse proxy requests?

the command is: tmsh list ltm virtual <name of the virtual server>

and any irules connected to this virtual server.

 

Cheers,

 

Kees

0 Kudos

FAJUMO
Nimbostratus
Nimbostratus
In response to KeesvandenBos

‎14-Jan-2022 04:42

ltm virtual reverseproxy.etisalat.com.ng {

   description "Central VS to handle the untrusted published applications"

   destination 41.190.21.150:https

   ip-protocol tcp

   mask 255.255.255.255

   profiles {

       Etisalat_tcp-lan-optimized {

           context serverside

       }

       Etisalat_tcp-wan-optimized {

           context clientside

       }

       etisalat_http_profile { }

       etisalat_stream_profile { }

       serverssl {

           context serverside

       }

       wildcard1.9mobileng.com {

           context clientside

       }

   }

   rules {

       Reverse_proxy_irule

   }

   source 0.0.0.0/0

   source-address-translation {

       type automap

   }

   translate-address enabled

   translate-port enabled

   vlans {

       ExtVLAN

   }

   vlans-enabled

   vs-index 143

 

0 Kudos

FAJUMO
Nimbostratus
Nimbostratus
In response to FAJUMO

‎14-Jan-2022 04:44

Irule is too long to add here. please send me email to send it to

 

       

0 Kudos

KeesvandenBos
MVP
MVP

‎14-Jan-2022 04:49

Questions.

 

The webserver is listening on port 8181, it this HTTPS??

Do you need the stream profile for the Reverse_proxy_irule?

 

Please post the irule here (you can use the Code Snippet button to make it more readable.

 

Cheers,

 

Kees

 

0 Kudos

FAJUMO
Nimbostratus
Nimbostratus
In response to KeesvandenBos

‎14-Jan-2022 04:55

 

when HTTP_REQUEST {

   STREAM::disable

   SSL::disable serverside

interconnectuat.9mobile.com.ng {

               log local0. "[HTTP::host] detected. Going to send to Pool interconnectuat.9mobile.com.ng"

               SSL::enable serverside

               pool interconnectuat.9mobile.com.ng

               }

0 Kudos

KeesvandenBos
MVP
MVP
In response to FAJUMO

‎14-Jan-2022 05:32

Ok, during the login, are there any error's in /var/log/ltm related to this irule?

0 Kudos

FAJUMO
Nimbostratus
Nimbostratus
In response to FAJUMO

‎14-Jan-2022 05:51

I tried to get a capure but did not see any hit

 

1. Create a new decryption irule:

 

when CLIENTSSL_HANDSHAKE {

log local0. "Client IP: [IP::client_addr] TCP source port: [TCP::remote_port] client"

log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"

log local0.debug "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]"

}

when SERVERSSL_HANDSHAKE {

log local0. "Client IP: [IP::client_addr] TCP local port: [TCP::local_port] server"

log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"

log local0.debug "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]"

}

 

2. Add this irule to your VS which is handling the affected traffic.

 

3. Run tcpdump:

 

tcpdump -envi 0.0:nnnp -s0 -w /var/tmp/"$HOSTNAME"_"$(date +%d-%m-%y)".pcap host <Your-client-IP>

 

4. Generate traffic and catch the problem.

 

5. Stop tcpdump

 

6. Disable decryption irule

 

7. Run below commands to create the files with session keys:

 

sed -e 's/^.*\(RSA Session-ID\)/\1/;tx;d;:x' /var/log/ltm > /shared/tmp/sessionsecrets.pms

 

grep -h -o 'CLIENT_RANDOM.*' /var/log/ltm > /shared/tmp/sessionsecrets_random.pms

0 Kudos

FAJUMO
Nimbostratus
Nimbostratus

‎14-Jan-2022 06:27

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://10.161.33.126:8181/wbs_RESTAPI/authenticateUser. (Reason: CORS request did not succeed). Status code: (null).

0 Kudos
Copyright © 2023 Khoros, LLC