abdulsalam3105 commented on issue #12064: URL: https://github.com/apache/trafficserver/issues/12064#issuecomment-2693370473
Hi @mlibbey , below is the curl output from ATS machine to my origin I have my application behind the IHS. curl -v https://IHSURL.com/ccm * Trying xx.xx.xxx.xxx:443... * Connected to IHSURL.com (xx.xx.xxx.xxx) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/pki/tls/certs/ca-bundle.crt * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS header, Finished (20): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.2 (OUT), TLS header, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS header, Unknown (23): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 * ALPN, server did not agree to a protocol * Server certificate: * subject: C=US; ST=xx; L=Stuttgart; O= company; CN=IHSURL.com * start date: Nov 26 08:00:58 2024 GMT * expire date: Nov 26 08:00:58 2026 GMT * subjectAltName: host "IHSURL.com" matched cert's "IHSURL.com" * issuer: C=US; O=company; CN=bca IssuingCA * SSL certificate verify ok. * TLSv1.2 (OUT), TLS header, Unknown (23): > GET /ccm HTTP/1.1 > Host: IHSURL.com > User-Agent: curl/7.76.1 > Accept: */* > * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * TLSv1.2 (IN), TLS header, Unknown (23): * Mark bundle as not supporting multiuse < HTTP/1.1 401 Unauthorized < Date: Mon, 03 Mar 2025 06:03:22 GMT < Strict-Transport-Security: max-age=63072000; includeSubDomains; preload < X-Powered-By: Servlet/3.0 < Strict-Transport-Security: max-age=31536000 < WWW-Authenticate: Basic realm="JSA" < WWW-Authenticate: Bearer realm="JSA" < X-JSA-AUTHORIZATION-URL: https://IHSURL.com/oidc/endpoint/jazzop < X-JSA-AUTHORIZATION-REDIRECT: https://IHSURL.com/oidc/endpoint/jazzop/authorize?client_id=kdfjjfdkjdlfkdj&response_type=code&state=security_token1%3DRL0PXKMFG%2BgCLMgrRfi8%2BA5pntBpGw5dpEbGOGtt4fc%3D%26security_token2%3DcdJ6OMIdyWZZLetuhDNv2Atakz5vKynsQu1TQ5exsFU%3D%26return%3Dhttps%253A%252F%252FIHSURL.com%252Fccm%26scope%3Dopenid%2Bgeneral%2Bprofile%2Bemail%2B%26impersonation%3Dtrue&scope=openid+general+profile+email+&redirect_uri=https%3A%2F%2FIHSURL.com%2Fccm%2Fjsa < Content-Length: 0 < Set-Cookie: JSA_CSRF_f0c680de-4790-4836-89ee-f529a142b80a=8bdcb719-d50b-4ff6-93e8-a30c59b79892; Path=/ccm; Secure; HttpOnly; SameSite=None < Content-Language: en-US < * Connection #0 to host IHSURL.com left intact also if i use my application url in remap.config, it works. i.e. bypassing IHS. any guess why it works if i use application url in remap.config. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
