Forum Discussion

maximillean_953's avatar
maximillean_953
Icon for Nimbostratus rankNimbostratus
Aug 26, 2011

F5 Ltm Asm module and google chrome problem

Hello,

 

 

Couple days ago we activate the asm module. It works nice with nice features.

 

But we have only one problem that we could not overcome.

 

 

Problem is related with google chrome browser and with it only. The all others works perfectly.

 

 

Random times / google chromes gets a null page response from f5 directly without dispatching the request to the pool but sometimes it does dispath and brings me the correct request.

 

 

As an example below captured from wireshark from chrome machine.Clean cookie and history first request from and response from F5. F5 added also "?srpclwjccvhocvho" string to meta url

 

line somehow.

 

 

Request

 

GET / HTTP/1.1

 

Host: www.test.com

 

Connection: keep-alive

 

Cache-Control: max-age=0

 

User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1

 

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

 

Accept-Encoding: gzip,deflate,sdch

 

Accept-Language: en-US,en;q=0.8

 

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

 

 

 

Response

 

HTTP/1.1 200 OK

 

Connection: Close

 

Pragma: no-cache

 

Cache-Control: no-cache

 

Server: HTTP Server 1.0

 

Content-Type: text/html; charset=UTF-8

 

Content-Length: 222

 

 

html head

 

meta http-equiv="refresh" content="0;url=http://www.test.com/?srpclwjccvhocvho"

 

meta http-equiv="pragma" content="no-cache"

 

meta http-equiv="expires" content="-1"

 

/head body /body /html

 

 

On the other hand another request and response 10 minutes later.

 

 

request

 

GET / HTTP/1.1

 

Host: www.test.com

 

Connection: keep-alive

 

Cache-Control: max-age=0

 

User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1

 

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

 

Accept-Encoding: gzip,deflate,sdch

 

Accept-Language: en-US,en;q=0.8

 

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

 

 

response

 

HTTP/1.1 200 OK

 

Date: Fri, 26 Aug 2011 14:56:32 GMT

 

X-Powered-By: PHP/5.3.3-1ubuntu9.5

 

Expires: Thu, 19 Nov 1981 08:52:00 GMT

 

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

 

Pragma: no-cache

 

Vary: Accept-Encoding

 

Keep-Alive: timeout=15, max=800

 

Connection: close

 

Content-Type: text/html; charset=UTF-8

 

Content-Encoding: gzip

 

 

The host i try this is not connected to site all day long can not be blocked did not even connect any other pool on f5 either. It doesnot get recorded in non of the logs nothing.

 

 

I try everyting cookies,chunck behaviour on profile anything i mean we try anything. But somehow this only occurs on google chrome and nothing else. 30 people tested site with 6 different browsers for more then 40 hours. Client side all done. clear caches try without clearing tried. This behavior is only seen the pool that asm applied and not on the non asm applied pools.

 

 

Also the browser requests from chrome and seamonkey

 

 

Chrome

 

Chrome gets this some of the time and some of the time not.

 

 

GET / HTTP/1.1

 

Host: www.test.com

 

Connection: keep-alive

 

User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1

 

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

 

Accept-Encoding: gzip,deflate,sdch

 

Accept-Language: en-US,en;q=0.8

 

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

 

 

HTTP/1.1 200 OK

 

Connection: Close

 

Pragma: no-cache

 

Cache-Control: no-cache

 

Server: HTTP Server 1.0

 

Content-Type: text/html; charset=UTF-8

 

Content-Length: 222

 

 

html head

 

meta http-equiv="refresh" content="0;url=http://www.test.com/?srpclwjccvhocvho"

 

meta http-equiv="pragma" content="no-cache"

 

meta http-equiv="expires" content="-1"

 

/head body /body /html

 

 

 

Seamonkey

 

Seamonkey gets this all of the time. Which is correct respond from vserver.

 

 

GET / HTTP/1.1

 

Host: www.test.com

 

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.18) Gecko/20110412 SeaMonkey/2.0.13

 

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

 

Accept-Language: en-us,en;q=0.5

 

Accept-Encoding: gzip,deflate

 

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

 

Keep-Alive: 300

 

Connection: keep-alive

 

 

HTTP/1.1 200 OK

 

Date: Fri, 26 Aug 2011 14:56:32 GMT

 

X-Powered-By: PHP/5.3.3-1ubuntu9.5

 

Expires: Thu, 19 Nov 1981 08:52:00 GMT

 

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

 

Pragma: no-cache

 

Vary: Accept-Encoding

 

Keep-Alive: timeout=15, max=800

 

Connection: close

 

Content-Type: text/html; charset=UTF-8

 

Content-Encoding: gzip

 

 

tcpdump has no joy. When i get this response on chrome request never reaches the vserver vlan/interface.

 

 

Please anyone had same issue as us? Help us.

 

For tcpdump screenshot. http://i53.tinypic.com/1qhklk.png

14 Replies

  • i did that. already dispatching but at the same time. chrome user agent forged zombies attacking hits the servers.

     

    alot of zombies attacks via chrome named user agent.! So. that way did not worked well to be honest.

     

    ok thanks for answers.

     

  • hoolio i already try that F5 support doesnot helped us cause our support is standart level3. standart level3 doesnot support webcase opening so. If you are F5 employee this is the case number. C943690

     

    i send and receive 5 mails about this and that is what said to us.!

     

  • Instead of doing a meta refresh on the chrome browser's. Can you insert a cookie? When the cookie is generated you would insert some special random number that is stored in a table somewhere. You redirect the user and look for that random number in the cookie (verification)?
  • if you can give me an example i can try.

     

     

    Btw. the vserver has cookie and src ip consistency also there is an F5 asm cookie too.