martyseery_1391
Sep 23, 2014

Content-Length Header responses being Reset by LTM

Hello,

My company is in the process of converting our Fast Layer 4 VIP configurations to Standard SSL. We're having reset problems that have to do with Siteminder server responses that are not compliant with RFC2616. According to sol5922, any response that is not compliant with RFC2616 causes this error message, such as a web server response that includes a Content-Length header indicating a smaller value than the length of the data in the response. Is there an iRule that would allow the LTM to ignore these violations from Siteminder .fcc pages?

Thanks, Marty Seery, GSK
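
The condition described in the question can be confirmed offline against a captured backend response. The following is an added example, not part of the original post or of F5's documentation: it compares the declared Content-Length with the bytes that actually follow the headers. It assumes the input is exactly one complete HTTP/1.x response to a non-HEAD request; the function name and the sample response are constructed for illustration.

```python
# Added example: flag a response whose Content-Length disagrees with its body.
# SAMPLE_SHORT is a constructed response, not a capture from Siteminder.

def check_content_length(raw: bytes) -> str:
    """Classify one complete HTTP/1.x response (assumed non-HEAD)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "incomplete: no header terminator"
    lines = head.split(b"\r\n")
    status = lines[0].split(b" ", 2)
    code = int(status[1]) if len(status) > 1 and status[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:  # header names are case-insensitive, so normalise them
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    # 1xx, 204 and 304 responses never carry a body (RFC 2616 section 4.4).
    if code < 200 or code in (204, 304):
        return "ok: no body expected"
    # A non-identity Transfer-Encoding overrides Content-Length (section 4.4).
    te = b",".join(headers.get(b"transfer-encoding", [])).lower()
    if te and te != b"identity":
        return "ok: transfer-encoding in use"
    declared = set(headers.get(b"content-length", []))
    if not declared:
        return "ok: body delimited by connection close"
    if len(declared) > 1 or not next(iter(declared)).isdigit():
        return "violation: conflicting or non-numeric Content-Length"
    want, got = int(next(iter(declared))), len(body)
    if got > want:
        return f"violation: Content-Length {want} smaller than body ({got} bytes)"
    if got < want:
        return f"truncated: Content-Length {want} larger than body ({got} bytes)"
    return "ok: lengths match"

# Constructed sample: header declares 10 bytes, body is 23 bytes long.
SAMPLE_SHORT = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                b"Content-Length: 10\r\n\r\n<html>login form</html>")

if __name__ == "__main__":
    print(check_content_length(SAMPLE_SHORT))
```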

 

2 Replies

  • At the very least you should be able to get around it by simply removing the HTTP profile. Do you need the HTTP profile for any iRule processing?

  • To add an XFF HTTP header without the HTTP profile, you'd use TCP events:

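    when CLIENT_ACCEPTED {
        # No HTTP profile on the virtual server, so collect the raw TCP payload
        TCP::collect
    }
    when CLIENT_DATA {
        # Case-sensitive match against the bytes collected so far
        if { [TCP::payload] contains "User-Agent:" } {
            # string map pair: insert an X-Forwarded-For line ahead of User-Agent.
            # Any X-Forwarded-For the client already sent is left in the payload.
            set ua "\"User-Agent:\" \"X-Forwarded-For: [IP::client_addr]\r\nUser-Agent:\""
            TCP::payload replace 0 [TCP::payload length] [string map $ua [TCP::payload]]
        }
        # Forward the data, then keep collecting for later requests on the connection
        TCP::release
        TCP::collect
    }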
    

    If the VIP is SSL-enabled, then this:

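    when CLIENTSSL_HANDSHAKE {
        # Client-side TLS is terminated here, so collect the decrypted payload
        SSL::collect
    }
    when CLIENTSSL_DATA {
        # Case-sensitive match against the decrypted bytes collected so far
        if { [SSL::payload] contains "User-Agent:" } {
            # string map pair: insert an X-Forwarded-For line ahead of User-Agent.
            # Any X-Forwarded-For the client already sent is left in the payload.
            set ua "\"User-Agent:\" \"X-Forwarded-For: [IP::client_addr]\r\nUser-Agent:\""
            SSL::payload replace 0 [SSL::payload length] [string map $ua [SSL::payload]]
        }
        # Forward the data, then keep collecting for later requests on the connection
        SSL::release
        SSL::collect
    }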