F5 WAAP - Error 503 - Service Unavailable

Question

Hello Everyone,having a problem with F5 WAAP while im trying to take a service behind WAAP.here is my architecture.i have a Customer Edge on my network and this customer edge is on same subnet with my private application.XC can connect my CE successfully there is no problem with that, and i have created HTTP LB and origin servers.also i provide my custom certificate and point my CNAME to F5 XC given cname address.but when im trying to connect my application im having this error;The requested URL was rejected. Please consult with your administrator.Your support ID is XXXXXXXXXXXXXXXXXXXXXError 503 - Service Unavailablecheers,emir

nikoolayy1 · Answer

You have not provided a lot of info.
&nbsp;
Is the origin pool health monitor http/htttps and is it up ?
&nbsp;
Have you seen if you can connect to the server when you remove the WAF and service policies under the LB?
&nbsp;
In the logs investigate if you see any errors like TLS errors as maybe you have not enable tls under the origin or the tls level need to be set to medium and low and to not check the server certificates under the origin. Also in the http logs (review the security and performance logs under the Dashboards in XC) you can see the real server response code (upstream response) but better remove the WAF and Service policies as I said.
&nbsp;
Other than that F5 XC by default overwites the Host header value when sending traffic to the origin servers and this can be dissabled under the route objects.
https://community.f5.com/t5/technical-articles/introduction-to-f5-distributed-cloud-platform-per-route-waf/ta-p/304079
You will need to do some investigation on your own I suggest maybe taking the F5 training in the link below if you are going to support this product:
&nbsp;
https://www.f5.com/learn/training#sort=%40f5_title_sort%20ascending&amp;f:@f5_primary_product=[Distributed%20Cloud]
&nbsp;
&nbsp;

emircanbas · Answer

Hello,thank you for your kind responses, here is the detailed log im seeing,scheme - http"rsp_code - 503""rsp_code_details - cluster_not_found""dst_site - NOT-APPLICABLE"&nbsp;is it enough or would you want me to give more detailed.

nikoolayy1 · Answer

As I mentioned better go through the F5 XC training for you to be able to narrow down the issue and then maybe to provide a more detailed info in the forum when the issue is complex and you can't solve it. The error for me suggests that maybe the issue is with your Customer Edge (CE) in some way as probably your Load Balancer or origin pool is on the CE not on the XC Global Cloud Regional Edge RE.
&nbsp;
Edit:
&nbsp;
This message cluster_not_found could be related to your CE cluster of 3 nodes but why it is not found when you mentioned that the CE is ok I can't tell.
&nbsp;

&nbsp;

nikoolayy1 · Answer

Hello emircanbas&nbsp; did found the issue ?
&nbsp;
Was it related with the XC CE cluster of 3 nodes not being available as I mentioned because of the error "cluster_not_found" and the LB being advertized on this CE cluster site or origin pool using this CE cluster site for discovering and connecting to the pool members ip address or public DNS (the origin pool seems more likely)?

Forum Discussion

F5 WAAP - Error 503 - Service Unavailable

Error 503 - Service Unavailable

4 Replies

Recent Discussions

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

F5Access | MacOS Sonoma

Ansible modules for F5OS

VPN fragmented IP packets dropped

Related Content

Per-app failover for Kubernetes-based services using F5 Distributed Cloud Services

Getting Started with F5 Distributed Cloud Managed Services

Service discovery and registration with BIG-IP

Proxy SSL unavailable suite (47) issue

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing