14-Jan-2022 04:34
We have an application on port 8181 that is passed through a reverse proxy.
When we access the application with its real IP, we can log in.
But when we log in with the reverse proxy IP/FQDN we get this error: Unable to submit form.
Please, I need your expertise on the issue.
14-Jan-2022 04:38
Hi Fajumo,
Could you share the configuration of the virtual server handling the reverse proxy requests?
The command is: tmsh list ltm virtual <name of the virtual server>
And any iRules connected to this virtual server.
Cheers,
Kees
14-Jan-2022 04:42
ltm virtual reverseproxy.etisalat.com.ng {
    description "Central VS to handle the untrusted published applications"
    destination 41.190.21.150:https
    ip-protocol tcp
    mask 255.255.255.255
    profiles {
        Etisalat_tcp-lan-optimized {
            context serverside
        }
        Etisalat_tcp-wan-optimized {
            context clientside
        }
        etisalat_http_profile { }
        etisalat_stream_profile { }
        serverssl {
            context serverside
        }
        wildcard1.9mobileng.com {
            context clientside
        }
    }
    rules {
        Reverse_proxy_irule
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vlans {
        ExtVLAN
    }
    vlans-enabled
    vs-index 143
}
14-Jan-2022 04:44
The iRule is too long to add here. Please send me email to send it to
14-Jan-2022 04:49
Questions.
The webserver is listening on port 8181, is this HTTPS?
Do you need the stream profile for the Reverse_proxy_irule?
Please post the iRule here (you can use the Code Snippet button to make it more readable).
Cheers,
Kees
14-Jan-2022 04:55
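when HTTP_REQUEST {
    # Defaults for every request: no stream rewriting, no server-side SSL
    STREAM::disable
    SSL::disable serverside
    switch [string tolower [HTTP::host]] {
        "interconnectuat.9mobile.com.ng" {
            log local0. "[HTTP::host] detected. Going to send to Pool interconnectuat.9mobile.com.ng"
            # Re-enable server-side SSL for this pool
            SSL::enable serverside
            pool interconnectuat.9mobile.com.ng
        }
    }
}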
14-Jan-2022 05:32
OK, during the login, are there any errors in /var/log/ltm related to this iRule?
14-Jan-2022 05:51
I tried to get a capture but did not see any hit.
1. Create a new decryption iRule:

    when CLIENTSSL_HANDSHAKE {
        log local0. "Client IP: [IP::client_addr] TCP source port: [TCP::remote_port] client"
        log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
        log local0.debug "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]"
    }
    when SERVERSSL_HANDSHAKE {
        log local0. "Client IP: [IP::client_addr] TCP local port: [TCP::local_port] server"
        log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
        log local0.debug "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]"
    }

2. Add this iRule to your VS which is handling the affected traffic.
3. Run tcpdump:

    tcpdump -envi 0.0:nnnp -s0 -w /var/tmp/"$HOSTNAME"_"$(date +%d-%m-%y)".pcap host <Your-client-IP>

4. Generate traffic and catch the problem.
5. Stop tcpdump.
6. Disable the decryption iRule.
7. Run the commands below to create the files with session keys:

    sed -e 's/^.*\(RSA Session-ID\)/\1/;tx;d;:x' /var/log/ltm > /shared/tmp/sessionsecrets.pms
    grep -h -o 'CLIENT_RANDOM.*' /var/log/ltm > /shared/tmp/sessionsecrets_random.pms
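
An added example, not part of the original post: a stricter form of step 7 that keeps only well-formed CLIENT_RANDOM entries (64 hex characters, then 96), drops duplicates, and writes the key log readable by its owner only, since the file holds TLS master secrets. The log line layout, the host name bigip1, the iRule name decrypt and the function names are assumptions, and every value in the sample is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): validate and de-duplicate the
# CLIENT_RANDOM entries logged by the decryption iRule before using them.
PATTERN='^CLIENT_RANDOM [0-9A-Fa-f]{64} [0-9A-Fa-f]{96}$'

# Constructed sample in /var/log/ltm style; every value below is made up.
sample_ltm_log() {
  cr1=$(printf '%064d' 1); cr2=$(printf '%064d' 2)   # 32-byte client randoms
  ms1=$(printf '%096d' 7); ms2=$(printf '%096d' 8)   # 48-byte master secrets
  cat <<EOF
Jan 14 05:55:01 bigip1 debug tmm[1234]: Rule /Common/decrypt <CLIENTSSL_HANDSHAKE>: CLIENT_RANDOM $cr1 $ms1
Jan 14 05:55:01 bigip1 debug tmm[1234]: Rule /Common/decrypt <SERVERSSL_HANDSHAKE>: CLIENT_RANDOM $cr2 $ms2
Jan 14 05:55:01 bigip1 debug tmm[1234]: Rule /Common/decrypt <CLIENTSSL_HANDSHAKE>: CLIENT_RANDOM $cr1 $ms1
Jan 14 05:55:02 bigip1 debug tmm[1234]: Rule /Common/decrypt <CLIENTSSL_HANDSHAKE>: CLIENT_RANDOM 1234 abcd
Jan 14 05:55:03 bigip1 info tmm[1234]: Rule /Common/Reverse_proxy_irule <HTTP_REQUEST>: unrelated line
EOF
}

# stdin: ltm log. stdout: valid key log entries, one per session.
extract_keylog() {
  grep -o 'CLIENT_RANDOM.*' | grep -E "$PATTERN" | sort -u
}

# stdin: ltm log. stdout: number of CLIENT_RANDOM lines that are malformed
# (empty or truncated values), which would not decrypt anything.
count_rejected() {
  grep -o 'CLIENT_RANDOM.*' | grep -Evc "$PATTERN" || true
}

# $1 = ltm log file, $2 = key log to create with mode 600.
write_keylog() {
  ( umask 077 && extract_keylog < "$1" > "$2" )
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
sample_ltm_log > "$demo_dir/ltm"
write_keylog "$demo_dir/ltm" "$demo_dir/sessionsecrets_random.pms"
echo "kept: $(wc -l < "$demo_dir/sessionsecrets_random.pms") rejected: $(count_rejected < "$demo_dir/ltm")"
rm -rf "$demo_dir"   # key material: delete once the capture has been analysed
```

The same master secrets remain in /var/log/ltm after the iRule is disabled, so the log needs the same handling as the key log file.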
14-Jan-2022 06:27
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://10.161.33.126:8181/wbs_RESTAPI/authenticateUser. (Reason: CORS request did not succeed). Status code: (null).
14-Jan-2022 06:32