Forum Discussion
Application Web Pages Not Being Served Correctly by F5
Hi,
One of our customers has an application that doesn't appear to perform very well when load-balanced by the F5. The application is currently using a Standard VS profile, which is not doing SSL offload, uses cookie persistence and a SNAT pool with a single IP address and pretty much everything else is default. We have recently applied a Web Acceleration profile to the VS to attempt to address the problem but it doesn't appear to have solved anything. The WA profile is only set to cache and serve up static CSS and JS files.
The major issue, we believe, is that the client fails to receive some of the JavaScript that is necessary for the page to render correctly. This was the case prior to the WA profile being applied as well as after.
The application used to be load-balanced, in a very rudimentary way, by iptables and these issues were not seen then. I'm very keen to find any clue as to where to look on the F5 for what could be causing the problem. I'm considering changing the profile to Perf L4 to see if it helps but there are two problems with that:
1. I don't get to learn what was causing the problem
2. I think the client wants to have the F5 do SSL offload in the near future
Any help would be greatly appreciated. Thanks in advance,
Ben
- Kevin_StewartEmployee
A few thoughts:
  - One of the most prevalent "reverse proxy problems" is when an application doesn't understand that it's behind a reverse proxy and either serves up object references (images, JavaScript, style sheets, etc.) and redirect URLs with HTTP:// when the VIP is listening on HTTPS://, or the application serves up (absolute) object references for the server name that it thinks it is, versus the host name represented at the VIP. The easiest way to pin this down is to run a client side capture and see what the server is sending through the proxy.
  - Not nearly as likely, but still a possibility, there could be TCP-related (and/or possible HTTP profile settings) issues between the F5 and the server. Again, a capture is your best bet for troubleshooting this one.
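An added example, not part of the post above or of any F5 tooling: one way to check a captured server response for the first problem described, by flagging `Location` headers and HTML references whose scheme or host differs from what the VIP presents. The hostnames `app.example.com` and `iis-node2.internal.example`, the function names and the sample response are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"src", "href", "action"}  # attributes that make the browser fetch a URL

class RefCollector(HTMLParser):
    """Collects (tag, url) for every URL-bearing attribute in the body."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        self.refs += [(tag, v.strip()) for n, v in attrs if n in URL_ATTRS and v]

def check_url(url, vip_scheme, vip_host):
    """Return 'host' or 'scheme' if an absolute URL bypasses the VIP, else None."""
    parts = urlsplit(url)
    if not parts.netloc:  # relative reference: resolves against the VIP
        return None
    if parts.hostname != vip_host.lower():
        return "host"
    if parts.scheme and parts.scheme.lower() != vip_scheme.lower():
        return "scheme"  # protocol-relative (//host/...) has no scheme and passes
    return None

def find_proxy_mismatches(raw_response, vip_scheme, vip_host):
    """Scan one captured HTTP response (headers + HTML body)."""
    head, _, body = raw_response.partition("\r\n\r\n")
    candidates = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            candidates.append(("location", value.strip()))
    collector = RefCollector()
    collector.feed(body)
    candidates += collector.refs
    return [(k, u, r) for k, u in candidates if (r := check_url(u, vip_scheme, vip_host))]

# Constructed sample response (hypothetical hosts), not taken from the thread.
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://iis-node2.internal.example/app/login\r\n"
    "Content-Type: text/html\r\n\r\n"
    '<html><head><base href="http://iis-node2.internal.example/app/">'
    '<link rel="stylesheet" href="/css/site.css">'
    '<script src="https://app.example.com/js/buttons.js"></script></head>'
    '<body><img src="//app.example.com/img/logo.gif"></body></html>'
)
```

Calling `find_proxy_mismatches(SAMPLE, "http", "app.example.com")` reports the redirect and the `<base>` tag (wrong host) and the script reference (wrong scheme), while the relative and protocol-relative references pass.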
- What_Lies_Bene1Cirrostratus
I've certainly suffered issues around what Kevin describes in 1).
Just one thing to add: if you're not terminating the SSL on the F5 then cookie persistence won't work. I'm not really sure a WA profile would either.
- HamishCirrocumulus
BASE URLs in the code seem to be a particular favourite for some sites. The good news is that these can be fixed with a single rewrite... You really need to open the pages with Firebug or similar and find the URIs that are failing. From there you can usually find where they are in the source stream and implement a suitable rewriting policy to cover them.
- BenJNimbostratus
Hi guys,
Thanks for the suggestions. Just to clarify a couple of things:
1. The application doesn't actually use SSL, which is why there's no SSL termination
2. The problem is actually intermittent in that it's not a certain page that "always" fails to load properly and there's no way we've found to consistently reproduce the issue
It's quite difficult to troubleshoot in that respect. As I said, we think we've narrowed it down to a specific piece of JavaScript that isn't being received at the client end...sometimes...and the result is that certain buttons on the app web page are greyed out rather than active.
If it helps, the application is written in Delphi and is being served up by IIS at the back end. It's an ugly application but it did seem to work OK behind iptables.
Any further thoughts most welcome.
Cheers, Ben.
As Kevin mentioned already, it could be caused on the transport layer as well. If you have assigned a tcp-profile with 'Nagle's algorithm' enabled it could cause serious delays as the virtual server is 'collecting' data to fill a packet / segment to avoid signalling overhead. Switching to a lan_optimized_tcp profile or turning off 'Nagle's' may solve the problem without in-depth analysis.
- BenJNimbostratus
@Stephan: The VS is using the default TCP profile which doesn't have Nagle's enabled (I've double-checked). I'll have a look at switching to the lan-optimized profile. The capture process is a bit hamstrung unfortunately as the app is hosted for a different customer and we have to have them do the testing. They've not proven terribly adept at following instructions up to this point.
- That's the advantage of a browser plugin (if you have access to the site). PS: Going offline for today
- HamishCirrocumulus
If you enable request and response logging, do you ever see a request for the javascript failing? Or not being requested? (You could also get this from the access logs on the web server, but the bigip may be more useful if it breaks at the lb somehow)
- Leo_54205Nimbostratus
Hi Benj,
Which LTM version is it? > 11 and HF? Do you have compression enabled?
Regards, Leo
- BenJNimbostratus
11.2.0 HF 4. No compression profile, but there is a WA profile that's caching .CSS and .JS files only.
- king555_51103Nimbostratus
Hi, we have exactly the same problem. I turned off caching, compression and set the default tcp profile, but the problem remained. We use SSL on the client and server side, so troubleshooting is quite difficult. When the client (browser) sends a request, randomly some resources (like css, js, gif, ...) aren't transmitted. After a defined period (default 300 s Idle Timeout) the BIG-IP sends a reset packet (TCP - RST, ACK). When the problem occurs, the request is not present in the ASM log (full request and response logging is enabled). We use an HA pair (active-passive), release version 11.3 hotfix 7. Any ideas?
- Leo_54205Nimbostratus
Hi, could you post the result of the "tmsh list ltm virtual [name of your virtual server]" command? What is your hardware type? Leo.