Forum Discussion

Altocumulus

Oct 10, 2022

BIGIP resets connecion

Hello Team How to check what's the reason for resetting connection from F5 in this situation: F5 receives from server 'application/octet-stream' http first packet, acknoledges it and then sends r...

application delivery

devops

Mohamed_Salah_
Oct 11, 2022
Hello,
what great news, that it is working now. I think you can extract the headers and value pairs and check them by yourself and compare header names and values with RFC.
For example, the following HTTP request from the client causes the connection to be reset:
POST /web/page HTTP/1.1
Accept: */*
aaabbbccc
Cache-Control: no-cache
Content-Length: 438
Note: The aaabbbccc header is malformed because it does not conform to the name: value syntax.
Using another example, the following HTTP request from the client also causes the connection to be reset:
POST /web/page HTTP/1.1
Accept: */*
aaabbbccc :
Cache-Control: no-cache
Content-Length: 438
Note: If there is a white space between the field name (aaabbbccc) and colon (:), then the request fails and the system considers it to be malformed. Full details about HTTP header restrictions are described in IETF RFC 7230: Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing.This link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.
Reference: https://support.f5.com/csp/article/K38905534

Unfortunately, it is not mentioned in any of F5 articles how to check for the malformed header and know the header specifically, so you can check it by yourself by getting all of the header names and values.
BR,
Mohamed Salah

Mohamed_Salah_

MVP

You may need to check the below article also for getting the root cause in the packet capture.

https://support.f5.com/csp/article/K89012646

T5C

Altocumulus

Oct 10, 2022

I've checked it is reseted because "Malformed HTTP header error". I suspect specific header but would like to be sure that it is because of that header - how to check which http header caused an error/is it possible to display such information ?

Mohamed_Salah_
MVP
Oct 10, 2022
Hello,
as per the below article "Beginning BIG-IP 12.0.0 HTTP profile enforces strict header checks. HTTP request or response that does not conform to RFC 7230, will be considered a malformed HTTP header and the BIG-IP system will reset the connection."
https://support.f5.com/csp/article/K66202369
the work around mentioned is to user trasparent http profile, which is:
"The Transparent Proxy Mode enables the BIG-IP system to forward invalid HTTP traffic to a specified server, instead of dropping the connection. By configuring an HTTP profile to forward invalid HTTP traffic, you can manage various atypical service provider scenarios, such as HTTP traffic from non-browser clients that function as web browsers."
Also, take a look at these links:
https://support.f5.com/csp/article/K54310202
https://support.f5.com/csp/article/K52671508

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

BIGIP resets connecion

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Re: BigIP Report

BigIP Report Old

Integrating the F5 BIGIP with Azure Sentinel

Securing APIs with BigIP

BIGIP SHOW INOPERATIVE

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS