alhall_3584
Aug 20, 2012Nimbostratus
iRule to redirect
I'm new at this and I trying to redirect an https (443) request to an Apache/Tomcat server with the url of . When I try to connect to it with I get an error. Please assist. Thanks!
[admin@:Active] ~ curl -v -I[admin@:Active] ~ curl -v -I -H "Host:itlml.affsc.." -H "Host:itlml.affsc.."
* Trying xxx.x.xxx.26... connected
* Connected to xxx.x.xxx.26 (xxx.x.xxx.26) port 8080
> HEAD /vminet.html HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Accept: */*
> Host:itlml.affsc..
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
curl: option -I[admin@:Active]: is unknown
curl: try 'curl --help' or 'curl --manual' for more information
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
[admin@:Active] ~ * About to connect() to xxx.x.xxx.26 port 8080
-bash: syntax error near unexpected token `('
[admin@:Active] ~ * Trying xxx.x.xxx.26... connected
-bash: SSL: command not found
[admin@:Active] ~ * Connected to xxx.x.xxx.26 (xxx.x.xxx.26) port 8080
-bash: syntax error near unexpected token `('
[admin@:Active] ~ > HEAD /vminet.html HTTP/1.1
-bash: /vminet.html: No such file or directory
[admin@:Active] ~ > User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
-bash: syntax error near unexpected token `('
[admin@:Active] ~ > Accept: */*
-bash: SSL/rui.crt: Permission denied
[admin@:Active] ~ > Host:itlml.affsc..
[admin@:Active] ~ >
-bash: syntax error near unexpected token `newline'
[admin@:Active] ~ < HTTP/1.1 200 OK
-bash: HTTP/1.1: No such file or directory
[admin@:Active] ~ HTTP/1.1 200 OK
-bash: HTTP/1.1: No such file or directory
[admin@:Active] ~ < Server: Apache-Coyote/1.1
-bash: Server:: No such file or directory
[admin@:Active] ~ Server: Apache-Coyote/1.1
-bash: Server:: command not found
[admin@:Active] ~ < Set-Cookie: JSESSIONID=0D29770EA5D3BD90A1C10D516BE135E0; Path=/
-bash: Set-Cookie:: No such file or directory
[admin@:Active] ~ Set-Cookie: JSESSIONID=0D29770EA5D3BD90A1C10D516BE135E0; Path=/
-bash: Set-Cookie:: command not found
[admin@:Active] ~ < Content-Type: text/html;charset=UTF-8
-bash: Content-Type:: No such file or directory
[admin@:Active] ~ Content-Type: text/html;charset=UTF-8
-bash: Content-Type:: command not found
[admin@:Active] ~ < Transfer-Encoding: chunked
-bash: Transfer-Encoding:: No such file or directory
[admin@:Active] ~ Transfer-Encoding: chunked
-bash: Transfer-Encoding:: command not found
[admin@:Active] ~ < Date: Tue, 21 Aug 2012 21:03:14 GMT
-bash: Date:: No such file or directory
[admin@:Active] ~ Date: Tue, 21 Aug 2012 21:03:14 GMT
-bash: Date:: command not found
[admin@:Active] ~
[admin@:Active] ~ * Connection 0 to host xxx.x.xxx.26 left intact
-bash: Accept:: command not found
[admin@:Active] ~ * Closing connection 0
login as: admin
Using keyboard-interactive authentication.
Password:
Last login: Tue Aug 21 15:15:51 2012 from xxx.x.xxx.252
[admin@:Active] ~ curl -v -I http://xxx.x.xxx.26:8080/vminet.html -H "Host:itlml.affsc.af.mil"
* About to connect() to xxx.x.xxx.26 port 8080
* Trying xxx.x.xxx.26... connected
* Connected to xxx.x.xxx.26 (xxx.x.xxx.26) port 8080
> HEAD /vminet.html HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Accept: */*
> Host:itlml.affsc.af.mil
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=216685349E207756719BD7F78EEFFD22; Path=/
Set-Cookie: JSESSIONID=216685349E207756719BD7F78EEFFD22; Path=/
< Content-Type: text/html;charset=UTF-8
Content-Type: text/html;charset=UTF-8
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Date: Tue, 21 Aug 2012 21:20:54 GMT
Date: Tue, 21 Aug 2012 21:20:54 GMT
* Connection 0 to host xxx.x.xxx.26 left intact
* Closing connection 0
[admin@:Active] ~
http://xxx.x.xxx.26:8080/vminet.html
The above iRules all are built with the URI == / not vminet.html if you need it to redirect when equaled to vminet.html then use the following
when HTTP_REQUEST {
if { [HTTP::uri] equals "/vminet.html" } {
HTTP::uri "/site.html"
}
You can put a logging statement in your iRUle to log the URI and make and what you are matching on
log local0. "URI == [HTTP::uri] Matching == /vminet.html"
CLIENT --> HTTPS --> F5 --> HTTP:8080 --> Tomcat-Server
I've created a VIP which handle the SSL-termination. Then I have a server-pool with the tomcat-server, which listen on port tcp 8080.
When I connect directly to the tomcat-server with tcp:8080, then all works fine. When I connect through the loadbalancer with https://, then I get a client error-message "Internet Explorer cannot display webpage".
This is pretty simple to diagnose with a network trace. If you don't want to mess with decrypting the SSL, just do a tcpdump between the LTM and tomcat. Capture the inbound client request and the response. I bet that will tell you what's happening. You could also simply create an HTTP VIP just to see if that fixes it, or apply and HTTP profile to the HTTPS VIP with the Redirect Rewrite profile option set to All.
b virtual (name) list
b pool (name) list
b rule (name) list