09-15-2008 04:09 AM
Hi guys,
Have an issue with a new ACE install. In the process of logging a TAC but will try here first.
It would seem like the ACE is prepending a http link with more information than required.
This is a log from a connection going straight to backend server:
128.27.6.84 - - [12/Sep/2008:17:12:33 +0100] "GET /gw/webacc?Provider.name=GWXMLV&GWXMLV.Action=Logout&User.context=ir4uu5Phdtt8fn6Mu1&merge=webacc HTTP/1.1" 302 -
This is the log going through the ACE, same at the start then adds additional info:
128.27.6.84 - - [12/Sep/2008:17:10:51 +0100] "GET /gw/webacc?Provider.name=GWXMLV&GWXMLV.Action=Logout&User.context=cweqz5Phcri4gg6Oqb&merge=webacc HTTP/1.1" 302 - "https://x.x.x.x/gw/webacc?Provider.name=GWXMLV&User.context=cweqz5Phcri4gg6Oqb&merge=GWXMLV/caption_mail" "Mozilla/5.0 (X11; U; Linux i686
(x86_64); en-GB; rv:1.8.1.16) Gecko/20080716 SUSE/2.0.0.16-0.4 Firefox/2.0.0.16
Anyone see this before? And how do i resolve it
Regards
James
Solved! Go to Solution.
09-16-2008 05:00 AM
James,
I realised I don't have your config, so I'm not sure you terminate SSL on your ACE module.
Is this SSL frontend and HTTP backend ?
In this case, you should try the url rewrite config as mentioned before.
Try :
If you are doing something different, we'll need more details and a sniffer trace.
Gilles.
09-15-2008 05:06 AM
James,
The log says in both case you receive a 302 response from the server.
This is a redirect.
A redirect always include a location.
Your log simply shows the location when going through ACE.
This information is not added by ACE.
It comes directly from the server.
Not sure why it is not showing in first case.
If there is a concern, you need to capture a frontend and backend sniffer trace.
Use the private key to decode the frontend.
Gilles.
09-15-2008 07:12 AM
Gilles,
Strange why it only shows when we go through the VIP then.
The Server we are testing from is in the DMZ on the client side of the ACE but in the same Subnet. ACE is in bridged mode, i wonder if this is maybe causing an issue? I would like to see it removed from there and a true test completed from outside the DMZ.
James
09-15-2008 07:56 AM
Actually, I have to correct what I said.
What you see is the Apache log which has the format :
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog log/acces_log combined
So the link that you see is the Referer.
This is still set by the server.
I believe it is set because the server name does not match the hostname in the url.
Not exactly sure, but this is not done by ACE.
If you just don't want to see it in your log, modify the log format inside your Apache config file.
Gilles.
09-15-2008 11:51 AM
Gilles,
Thanks again for taking the time to reply.
The reason we were checking the log is because the link does not work when going via the ACE and works when you go straight to the Server. This what we seen in the log and thought it was the issue. This is the only link that fails but can't find the reason why
James
09-16-2008 12:38 AM
Gilles,
Do you suggest upgrading the software on the ACE, i am currently running Version A1(8.0a) [build 3.0(0)A1(8.0a)
James
09-16-2008 01:04 AM
The response is apparently a redirect from the log.
So, do you have the urlrewrite command to change the location field from http to https ?
You will need a sniffer trace to see what is going on.
Gilles.
09-16-2008 01:14 AM
Gilles,
I don't have a urlrewrite command, i wasn't aware it was required for the return traffic.
Any notes for setting this up?
James
09-16-2008 05:00 AM
James,
I realised I don't have your config, so I'm not sure you terminate SSL on your ACE module.
Is this SSL frontend and HTTP backend ?
In this case, you should try the url rewrite config as mentioned before.
Try :
If you are doing something different, we'll need more details and a sniffer trace.
Gilles.
09-16-2008 05:17 AM
Gilles,
Yes it is SSL frontend and HTTP backend.
I discovered that link and in the process of trying it.
Thanks again for pointing me in the right direction, i'll let you know how it goes.
James
09-19-2008 12:37 AM
Gilles,
I now have this issue resolved, i applied a url re-write at the backend to handle the url redirect
Thanks for your help
James
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide