Forum Discussion

Luis_Ribeiro
Dec 20, 2017

HTTPS does not hit iRule

Hi,

I'm to implement an iRule for HTTPS. The iRule is:

when HTTP_REQUEST {
    # HTTPS ------------------------------------------------------------------------
    log local0. ".TESTE HTTPS: [IP::client_addr] -> [IP::local_addr] HOST:[HTTP::host] PATH:[HTTP::path] [HTTP::uri] [TCP::local_port]"
    if { [string tolower [HTTP::host]] contains "xpto.com" } {
        log local0. ".TESTE HTTPS.IF: [IP::client_addr] -> [IP::local_addr] [HTTP::host] [HTTP::uri] [TCP::local_port]"
        # Route by URI to a fixed node, with source-address persistence (1800 s)
        switch -glob [string tolower [HTTP::uri]] {
            "/index1.php" {
                persist source_addr 255.255.255.255 1800
                log local0. ".TESTE index1: [IP::client_addr] -> [IP::local_addr] [HTTP::host] [HTTP::uri] [TCP::local_port]"
                node "10.1.144.100:[TCP::local_port]"
            }
            "/index2.php" {
                persist source_addr 255.255.255.255 1800
                log local0. ".TESTE index2: [IP::client_addr] -> [IP::local_addr] [HTTP::host] [HTTP::uri] [TCP::local_port]"
                node "10.1.144.101:[TCP::local_port]"
            }
            "/index3.php" {
                persist source_addr 255.255.255.255 1800
                log local0. ".TESTE /index3: [IP::client_addr] -> [IP::local_addr] [HTTP::host] [HTTP::uri] [TCP::local_port]"
                node "10.1.144.102:[TCP::local_port]"
                log local0. ".TESTE index3: [IP::client_addr] -> [IP::local_addr] [HTTP::host] [HTTP::uri] [TCP::local_port]"
            }
            default {
                # HTTPS but not BKO
                log local0. ".TESTE DEFAULT: [IP::client_addr] -> [IP::local_addr]"
            }
        }
    }
}

I have a similar iRule for an HTTP virtual server and it works fine. This one, for HTTPS, does not work, and I do not see any log.

Later, to check whether the iRule is called, I added this to the iRule:

when CLIENT_ACCEPTED {
    log local0. ".TESTE CLIENT_ACCEPTED: [IP::client_addr] -> [IP::local_addr] [TCP::local_port]"
    # Check the VS port to determine if connection is SSL or not
    switch [TCP::local_port] {
        "443" {
            log local0. ".TESTE CLIENT_ACCEPTED:443: [IP::client_addr] -> [IP::local_addr] [TCP::local_port]"
            set proto "https"
        }
        default {
            log local0. ".TESTE CLIENT_ACCEPTED:not443: [IP::client_addr] -> [IP::local_addr] [TCP::local_port]"
            set proto "http"
        }
    }
}

I have logs for "CLIENT_ACCEPTED" and "443", so the iRule is called!

The HTTPS uses TLSv3.

So the question is: what's wrong?

Thanks, LFR.

1 Reply

  • Do you have a client-ssl profile attached to the virtual server? You need to terminate the SSL connection if you want to see the HTTP traffic.
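
A diagnostic iRule for the check the reply describes, added here as an example and not part of the original thread. It logs one line per stage so the missing stage is visible in /var/log/ltm. It assumes the virtual server has tcp, http and client-ssl profiles attached; the "DIAG" log prefix is made up for this example.

```tcl
# Added diagnostic example; not code from the original post or reply.
# Assumption: tcp, http and client-ssl profiles are attached to the
# HTTPS virtual server this rule is bound to.

when CLIENT_ACCEPTED {
    # Fires on TCP accept, before any TLS or HTTP processing. A log line
    # here only proves the rule is bound to the virtual server; it says
    # nothing about whether the traffic is being decrypted.
    log local0. "DIAG 1 tcp accepted: [IP::client_addr] -> [IP::local_addr]:[TCP::local_port]"
}

when CLIENTSSL_HANDSHAKE {
    # Fires only after the client-ssl profile completes the handshake.
    # If stage 1 is logged but this never is, TLS is not being terminated
    # (or the handshake fails), so the HTTP profile never sees cleartext.
    log local0. "DIAG 2 tls terminated: [IP::client_addr] [SSL::cipher version] [SSL::cipher name]"
}

when HTTP_REQUEST {
    # Fires once the HTTP profile has parsed a cleartext request line and
    # headers. On port 443 that requires stage 2 to have happened first.
    log local0. "DIAG 3 http request: [IP::client_addr] [HTTP::method] [HTTP::host][HTTP::uri]"
}

when LB_FAILED {
    # No server-side connection could be made to the selected node.
    log local0. "DIAG 4 lb failed: [IP::client_addr] [HTTP::host][HTTP::uri]"
}

when HTTP_RESPONSE {
    # Stage 3 without this stage points at the server-side leg. The
    # original rule sends to node port [TCP::local_port] (443): once TLS is
    # terminated client-side, the node receives cleartext HTTP on that
    # port unless a server-ssl profile re-encrypts the connection.
    log local0. "DIAG 5 http response: [IP::server_addr]:[TCP::server_port] status [HTTP::status]"
}
```

In the situation described in the question, only the stage 1 line appears. Once a client-ssl profile is attached, stages 2 and 3 should follow for every request.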