Forum Discussion

SysTopher's avatar
SysTopher
Icon for Nimbostratus rankNimbostratus
Nov 13, 2015

HTTP Profile java site

Hi everyone,

 

I'm attempting to setup an LTM virtual server to an application we will eventually be putting an APM policy onto. I've setup a basic VIP that works fine with the absolute basic settings. Since I'll need to add an APM I tested applying the default HTTP profile to the VIP and then it breaks my access to the site.

 

The website uses Java. Normally users who visit the site will see a new window pop up which loads a Java login screen. I'm assuming this is what's different that makes it so that the normal HTTP profile doesn't work.

 

Has anyone had to deploy an HTTP profile to a web app that uses Java like this?

 

Thanks!

 

application delivery
LTM

9 Replies

Sort By
  • SysTopher's avatar
    SysTopher
    Icon for Nimbostratus rankNimbostratus
    Nov 13, 2015

    Just to clarify, when I put the HTTP profile onto the virtual server the site will not load at all. It seems to time out.

     

  • Brad_Parker_139's avatar
    Brad_Parker_139
    Icon for Nacreous rankNacreous
    Nov 13, 2015

    Is your site HTTPS? If so, you will require a client SSL profile in order to apply the HTTP profile.

     

    • SysTopher's avatar
      SysTopher
      Icon for Nimbostratus rankNimbostratus
      Jan 21, 2016
      This ended up requiring a pcap and discovering that the backend server had very strict cipher requirements that took much tweaking to finally solve.
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Nov 13, 2015

    Is your site HTTPS? If so, you will require a client SSL profile in order to apply the HTTP profile.

     

    • SysTopher's avatar
      SysTopher
      Icon for Nimbostratus rankNimbostratus
      Jan 21, 2016
      This ended up requiring a pcap and discovering that the backend server had very strict cipher requirements that took much tweaking to finally solve.
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Nov 13, 2015

    SysTopher,

    This usually occurs when you are using an HTTPS website and you apply a HTTP profile without decrypting the traffic. If this is the case apply a clientssl and a server ssl profile and then it will work.

    Has anyone had to deploy an HTTP profile to a web app that uses Java like this?

    Yes and they work fine. The F5 usually passes traffic unmodified with basic virtual server settings like yours.

  • SysTopher's avatar
    SysTopher
    Icon for Nimbostratus rankNimbostratus
    Nov 16, 2015

    I tried to apply an SSL profile and instantly get a connection reset. If I configure the same on an IIS server it works fine, but for some reason this application I'm getting a reset.

     

    I've tried importing the SSL cert/key from the site for the client SSL, while doing the default serverssl profile for the backend.

     

    I've tried using both the clientssl and serverssl default profiles.

     

    I've tried creating new ssl profiles for both and selecting the Proxy SSL option for both.

     

    Every single attempt result in connection reset. If I add the http profile it times out like it was before adding the SSL profiles.

     

    I may have to do a pcap...

     

  • SysTopher's avatar
    SysTopher
    Icon for Nimbostratus rankNimbostratus
    Jan 21, 2016

    It turned out to be the Ciphers being used and the backend server not communicating until we configured the ciphers exactly to match the backend certs.