Help with SOAP Monitor
I am attempting to use the built-in SOAP monitor on an LTM with 10.2.4. I have made several attempts, but no success yet. Any help or advice would be much appreciated! One of the biggest issues I have is how to I validate that the customer has given me a legitimate POST request and that I'm getting back the result they say I should? They claim to have verified using SOAP-UI, and tell me that this request should work but so far my pool members all fail this monitor. Admittedly, I have very little SOAP knowledge and so I'm having trouble deconstructing the SOAP POST request the customer has provided me, with what I need to put in the fields of the monitor. Can someone help me identify what components of this request need to be included in my SOAP monitor fields and what goes where?SOAP HTTP Monitor - HTTP Error 400. The request has an invalid header name.
Hello All I am new to SOAP testing, I am using an http monitor to do a SOAP test but I keep receiving error 400 from the server. I am using a 3rd party SOAP client which gets a successful response, and it's using the same statement. I believe the problem is how I am constructing the request. I have read http://support.f5.com/kb/en-us/solutions/public/2000/100/sol2167.html but still don't understand why this is failing. This is what I am using on the 'Send String' portion of the test: POST /CurrencyConvertor.asmx HTTP/1.1\r\nAccept-Encoding: gzip,deflate\r\nContent-Type: text/xml;charset=UTF-8\r\nSOAPAction: \"http://www.webserviceX.NET/ConversionRate\"\r\nContent-Length: 345\r\nHost: www.webservicex.com\r\nConnection: Keep-Alive\r\nUser-Agent: Apache-HttpClient/4.1.1 (java 1.5)\r\n\r\r\n\r\n\r\n\r\nEUR\r\nAFA\r\n\r\n\r The Wireshark capture from my tests indicates: POST /CurrencyConvertor.asmx HTTP/1.1 Accept-Encoding: gzip,deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "http://www.webserviceX.NET/ConversionRate" Content-Length: 345 Host: www.webservicex.com Connection: Keep-Alive EUR AFA HTTP/1.1 400 Bad Request Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Fri, 04 Oct 2013 23:04:50 GMT Connection: close Content-Length: 339 Bad Request Bad Request - Invalid Header HTTP Error 400. The request has an invalid header name. The Wireshark from the successful connection using 3rd party shows: POST /CurrencyConvertor.asmx HTTP/1.1 Accept-Encoding: gzip,deflate Content-Type: text/xml;charset=UTF-8 SOAPAction: "http://www.webserviceX.NET/ConversionRate" Content-Length: 345 Host: www.webservicex.com Connection: Keep-Alive User-Agent: Apache-HttpClient/4.1.1 (java 1.5) EUR AFA HTTP/1.1 200 OK Cache-Control: private, max-age=0 Content-Type: text/xml; charset=utf-8 Content-Encoding: gzip Vary: Accept-Encoding Server: Microsoft-IIS/7.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Fri, 04 Oct 2013 22:24:10 GMT Content-Length: 311 0 I'd really appreciate any advice, many thanks…. G FYI I am using BIP-IP VE version 10.1.0SOAP HTTPS redirects not working (Postman / SoapUI)
Hello, I am using the Postman application, as well as SoapUI, to test some SOAP requests to an application that is behind our F5 WAF. When I send SOAP HTTPS POST requests, the WAF handles the request perfectly and all tests pass. However, when I send these requests over HTTP, tests do not succeed and I get an HTTP 500 error. To be clear, I have the default F5 iRule attached to the virtual server to redirect HTTP requests to HTTPS, and it does work. If I make a request to the site through the browser over HTTP, it gets sent to HTTPS. As another side note of troubleshooting, I have seen old threads that mention the Postman Interceptor Chrome extension being necessary for some API testing. I have installed it, turned it on, and I still get the same issues. My next step was turning on HTTP Analytics logging and looking at some of these requests to see if I could spot a difference between where we force HTTPS and where we leave it as HTTP. From what I can tell, it looks like every HTTP 500 response shows that it was a GET request... which is wrong, because the tests are configured as an HTTP POST. So to me it seems like the WAF is redirecting the HTTP POST to an HTTPS GET, which is why we get the 500 response code. Does this sound like anything someone has seen before? Any insight as to why this is occurring is appreciated.
Use APM HTTP Auth to send a SOAP Message for OTP
Hello, I recently read this article on implementing a OTP solution in our APM via SMS: https://devcentral.f5.com/articles/one-time-passwords-via-an-sms-gateway-with-big-ip-access-policy-manager In this article the OTP is sent to the client via an HTTP API, of the SMS provider, which used an HTTP Auth Server to communicate with the SMS provider. I would like to implement this same solution using a SOAP API, but I'm not sure what to populate the fields of the AAA HTTP Server with. I have successfully implemented this using an e-mail irule to the SMS provider and it works well, but we would like to encrypt the message via HTTPS and the provider only supports SOAP. I was hoping that I could just paste the following output (from soapclient.com) into the "Hidden Form Parameters/Values", but it doesn't seem to be that simple. Any suggestions or other F5 doco I could reference? 1234567890987654321Test MessageMessage The WSDL of the SMS Toolkit methods is located at: http://xml.redcoal.com/soapserver.dll/wsdl/ISoapServer Thanks for your help, -Mike
Event log soap[22458]
Hello, I try to understand a log message on our F5 Big IP 13.1.1.4. Under System -> Logs -> Local Traffic, I have several entries like LogLevel:info Service:soap[22458] Event:src=127.0.0.1, user= I precise there is nothing after user :) Anyone can explain me what it means and if it is possible to filter these entries? Best regards.
SOAP service Call from non browser client with APM policy
We are configuring our F5 APM to authenticate SOAP service calls. We create a VS and add APM policy and when we access the service from any browser its works fine. Now my application team want to call the service form a .net client . When they call they are able to create a Proxy for the services but when try to consume the service they receive the below error : " return The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: 'BIG-IP logout page When we remove the APM policy from the VS everything works fine. the message says the response were HTML and the html codes seems the bigip logout page. I am not able to understand , why its returning a Big-IP logout page " BIG-IP logout page " the APM policy is simple Start ---> certificate check ----> Allow Fallback ----> Deny Am I missing anything here ? Any suggestion is highly appreciated.
SOAP Request Formation for iControl
Hello, I am trying to get the list of virtual servers under all the partitions in the LTM using the below SOAP message. http://www.w3.org/2001/XMLSchema-instance"; xmlns:xsd="; xmlns:soapenv="; xmlns:vir="urn:iControl:LocalLB/VirtualServer"> ' target="_blank" rel="nofollow">http://schemas.xmlsoap.org/soap/encoding/"/>; But getting only the vs under common partition. Could someone please let me know how to get the list of virtual servers for all partitions.
SSL Handshake failure
Hello, I need help with one situation. We have one application behind F5. We are terminating SSL on F5. When we access application through normal web browser we get desired output. But when we try the same application with SoapUI we do not get the output. we tried to debug and packet capture and we found that SSL handshake failure causes the issue. with my limited knowledge I tried to extract ssldump and output shows that ssl failure occurred, but i am not able to find out the reason for the same. below you can find the output of ssldump: please let me know if you have any suggestion to troubleshoot the issue further:Modify SOAP To header based on target node
Hi, I have 2 kinds of virtual servers set up. The first has no pools assigned. It takes requests over SSL, terminates the SSL and routes the requests (in plaintext) to wholly different pools based on content. However, the SOAP To header from these requests needs to be modified. The protocol needs to be changed from https to http, the service URL is suffixed with a designator used for services without transport security and the port needs to be changed from 8443 to some other port. It's the "some other port" that is causing me some issues. Following is my iRule on the SSL-terminating, content-based routing virtual server: when HTTP_REQUEST { if { [HTTP::method] eq "POST" } { if { [HTTP::header exists "Content-Length"] } { set content_length [HTTP::header "Content-Length"] } else { set content_length 1048576 } HTTP::collect $content_length } else { HTTP::respond 405 content "Unsupported" Allow "POST" } } when HTTP_REQUEST_DATA { if { [HTTP::method] eq "POST" } { set payload [HTTP::payload] binary scan [sha1 [SSL::cert 0]] H* certHash set newSoapHeader "" if { [info exists certHash] } { append newSoapHeader $certHash } else { append newSoapHeader "cert_hash_retrieval_failure" } append newSoapHeader "" Try to stick the new header in the header collection set numMatches [regsub {.*\<[A-Za-z0-9:]*Header[^\>]*\>} $payload [concat {&} $newSoapHeader] modifiedPayload] if no matches from that, we know there was no header and, therefore, no subsitution. We need to introduce the whole Header block if { $numMatches == 0 } { set contentToInsert "" append contentToInsert $newSoapHeader append contentToInsert "" set numMatches [regsub {.*\<[A-Za-z0-9:]*Envelope[^\>]*\>} $payload [concat {&} $contentToInsert] modifiedPayload] } Empty it of content first HTTP::payload replace 0 [string length [HTTP::payload]] "" Then replace the empty payload HTTP::payload replace 0 0 $modifiedPayload set currentVirtualServer [virtual name] if { [string match *LEGACY* $currentVirtualServer] > 0 } { Replace the HTTP Location Header HTTP::header replace Location [string map { "https://" "http://" ".svc" "_U.svc" } [ HTTP::header Location]] Replace the SOAP To Header set badToHeaderPattern ".svc" set lenBadHeaderPattern [string length $badToHeaderPattern] set betterToHeaderPattern "_U.svc" set offset [string first $badToHeaderPattern [HTTP::payload]] if { $offset >= 0 } { HTTP::payload replace $offset $lenBadHeaderPattern $betterToHeaderPattern set badToHeaderPattern "https://" set lenBadHeaderPattern [string length $badToHeaderPattern] set betterToHeaderPattern "http://" set offset [string first $badToHeaderPattern [HTTP::payload]] if { $offset >= 0 } { HTTP::payload replace $offset $lenBadHeaderPattern $betterToHeaderPattern } NOW REPLACE THE 8443 PORT WITH... um... } } the trailing arguments align with the parts of the regex in parentheses. First is always the whole match, subsequent per parentheses pair regexp {(\<[A-Za-z0-9:]*Organisation[^\>]*\>)([A-Za-z]*)} $modifiedPayload wholeMatch xmlElementMatch organisationNameMatch if { [string length $organisationNameMatch] > 0 } { string map takes a list of replacement pairs (e.g [list needle1 replace1 needle2 replace2... needleN replaceN]) set targetPool [string map [list -D--- --- MULTI $organisationNameMatch RELEASE RELEASE-U DEBUG DEBUG-U LEGACY ""] $currentVirtualServer] pool $targetPool } else { HTTP::respond 400 content "Unknown" } } Ensure that the request is released back to F5 so it may take control of the underlying connection and complete the routing HTTP::release } I'll detail the HTTP_REQUEST if requested, but it's pretty much stock-standard stuff. All the magic is in the HTTP_REQUEST_DATA handling. I know a lot of my SOAP content replacement is really risky and needs better pattern matching/controls so I don't replace anything I shouldn't, so don't focus on that. But after I switch out the https with http in the SOAP To header (really every instance of https in the whole payload), I want to change the port 8443 to another port. The other port, however, is not known until I route it to the pool later (the "pool $targetPool" in the last couple of lines). That routing works just fine and the correct pool gets the requests and processes them. But I can't seem to manipulate the payload any further after I set the new pool. That means I can't, say, get "[LB::server port]" and replace the mentions of 8443 with it. It looks like I don't have it available to manipulate on the LB_SELECTED event either. So, how do I modify the port in the SOAP To Header (also need to modify the HTTP Location header) with a port I will only know after I've re-routed the request with the "pool" keyword?