We have already configured same, VMware support tech also tried it. It has been working fine with /cloud & /tenant-networking after upgrade.

But  still geting following error on /provider & /tenant

Do you have any restricted irules inside of the F5? I had a customer recently that has a secure environment and had to add /api/session and /cloudapi for the H5 UI to operate properly.

Thanks Palu.

Great and your champ .

We allowed just  now required rules such as /api/session and /cloudapi in F5.Now we are able to access portal using /provider address ,but we don’t see any data or anything once we logged in using /provider .

Please find below screen shot

Just now we disabled rule in F5 for this portal and now we can see data when we access using /provider

Which rule did you disable?

We have an an irule for vcloud portal in F5  .We just disabled that vcloud portal rule. Then /provider portal is accessible and also can see data’s .

Now we again enabled same irule in F5,then we are able to access /provider portal, but not seeing any data .So do you suggest/advise if anything should do with F5 or disable irule will fix ?

Thanks Paluszekd,

We have disabled complete irules and when we do that, it allows everything to run properly.

Within iRules, we have rules to inspect api access, so that we can stop user@system api calls from external network.

My colleague shankarsingh​ has sent you personal message to you with detailed configuration of irules.

Part of rule is:

elseif { $http_path starts_with "/api/"} then {

         if { [HTTP::header exists Authorization] } {

            set creds [HTTP::username]

            if { $creds ne "" } {

looking at logs from F5, we see that it is getting username as null.

Note that our existing API access is working, just that this /provider & /tenant portal are loading, but they cannot pull data using api calls.

Hi piyushpaldewar​ - thanks for the note. I received a blank message, so please re-send it if possible.

From another provider of mine that runs a restricted vCD instance with F5, this is the list of irules that needed to be implemented to allow proper H5 UI access:

/tenant/*

/api/sessions/*

/network/*

/tenant-networking/*

/cloudapi/*

/cloud/org/*

/cloud/vmrcconsole.html

/cloud/customtheme*

/cloud/webmksconsole.html

/cloud/support/

/cloud/amf/*

/tenant, /network, /tenant-networking, /cloudapi and /api/sessions that allow for the html5 ui

Hi

We added /tenant and /tenant-networking post upgrade to vCD 8.2

Now with 9.5, after trying different options, we have concluded that following is required.

or $http_path starts_with "/api/org"

            or $http_path starts_with "/api/admin/org/"

            or $http_path starts_with "/api/query"

            or $http_path starts_with "/api/session"

            or $http_path starts_with "/cloudapi"

Once we do this, we pretty much lose capabilities to restrict api access from outside.

I'll send you code tomorrow.

Hi Paul, thanks for checking and your help .

I sent you f5 rule separately