Forum Discussion

Simon_Waters_13's avatar
Simon_Waters_13
Icon for Cirrostratus rankCirrostratus
Jun 12, 2018

APM what do virtual servers share?

I have three Access Profiles on an F5 HA pair.

 

All three did work on the 24th March.

 

All are multi-domain.

 

HTTP POST requests are failing to the second virtual server of the two in multi-domain preventing manual login requests with the web service behind that virtual server. Multi-domain just prevents access to the service, but authorised users need further credentials.

 

These troubled virtual servers share: HTTP-Profile - looks good. SSL Profile Client - looks good, shared with working services. Rewrite profile - looks good, changing/disabling has no effect. HTML profile - looks like default. Connectivity profile - looks irrelevant, also appears to be same as default. HTTP/2 profile - shared with working services.

 

It is possible other things have changed in the environment, there was a PHP 7.0 to PHP 7.1 upgrade about the time of the last successful use POST request to make it through these services.

 

I can login to the service behind the F5 successfully, it looks like GET requests succeed, but POST requests fail through the F5.

 

Any ideas on what might be shared, or what might be globally preventing this.

 

I think I've ruled out iRules, and a bunch of other changes (PHP version changes included).

 

Afraid I was on leave, so I am picking up pieces, trying to work out what was changed precisely to break these POST requests.

 

  • For the record this resolved itself, which is slightly worrying as it suggests it may be data related or something else not identified.

     

  • Digging further with WireShark I see HTTP POST data is being stripped from the POST request presumably by browser or F5.

     

  • Is the error appears when

     

    • user access to App1
    • user is redirected to logon page
    • user authenticate to logon page
    • user is redirected to App1
    • user try to post data on App2 (unauthenticated)

    If true, look at this code from Yann Desmarest

     

  • For the record this resolved itself, which is slightly worrying as it suggests it may be data related or something else not identified.