Forum Discussion
Extra character in HTTP 200 OK response
I am testing LTM solution for my internet facing site and we are running into some issues.The main page comes up fine but we have a login button in the middle of the page and it does not work when "HTTP profile" is enabled under the VIP. The issue is when we click the login button, the server responds back with a "http" response code 200 OK" but it includes an extra ":" character in the response, The server does not include the ":" extra character in any other 200 OK response but it only includes the extra character when it responds for the login request GET /scripts/runisa.dll?JOBS:ERLogin HTTP/1.1. The same url works fine if the HTTP profile is turned off.
The browser does not see any issue if it goes to the server directly but if the client goes through the VIP, LTM responds back to the server with RST.
GET /scripts/runisa.dll?JOBS:ERLogin HTTP/1.1 ...
(Status-Line) HTTP/1.1: 200 OK <<<<<< additional ":" here
Connection keep-alive
Content-length 9561
Content-type text/html
Date Wed, 07 Apr 2010 21:58:21 GMT
expires Wed, 07 Apr 2010 21:58:21 GMT
Server Microsoft-IIS/6.0
Can you guys have any suggestions to write a iRule to accept the extra character in the response code? Any help would be appreciated.
hoolioCirrostratus
Hi Murali,
It's very odd if this only occurs when LTM is parsing the HTTP content. What application is it? Can you capture a tcpdump of the traffic between LTM and the pool members and see if there is anything different in the requests with/without an HTTP profile added? You can use syntax like the following:
tcpdump -i 0.0 -s 0 -w /var/tmp/serverside.1.dmp host POOL_MEMBER_IP
Aaron- Hi Aaron, Server is adding the extra character in the response all the time. LTM sends a reset when HTTP profile is enabled. If HTTP profile not enabled, it just passes back to the client. There is no difference in the request from the LTM. Only when the HTTP profile is enabled, LTM does not like the ":" character in the HTTP 200 OK response.
- hoolioAh, ok. So it would be best to figure out why the server is setting an invalid character in the response line.
Else, if you could try disabling the HTTP profile just for requests to /scripts/runisa.dll?JOBS:ERLogin. The downside to this workaround would be that you couldn't do any layer 7 processing of the request payload or response headers and payload (including cookie persistence) for the remainder of that TCP connection from the client to the VS.when HTTP_REQUEST { Check if URI is one we need to disable the HTTP filter for if {[string tolower [HTTP::uri]] eq "/scripts/runisa.dll?jobs:erlogin"}{ Disable the HTTP filter for the rest of the connection HTTP::disable } }
Another option you could try would be to collect the TCP payload on responses for requests to this URI and remove the character from the response line. You could do this using TCP::collect (by setting a variable in HTTP_REQUEST and then checking that variable in SERVER_CONNECTED). I haven't tried this though, so I'm not sure whether it's possible or usable. If it did work, it should allow you to continue using the HTTP profile for all requests and responses.
Aaron - Thanks Aaron. I appreciate it. I cant disable HTTP profile as I have to configure ASM after loadbalncing works fine. So my option would be to remove the character from the response line. I will try and let you know. Thanks
