For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

adharkrader's avatar
adharkrader
Icon for Nimbostratus rankNimbostratus
Aug 02, 2010

Fallback: which VS failed?

Since we were originally a Cisco shop, have a "sorry server" for all failed applications. In the Cisco environment, you still appear to be at the hostname you intended, so it's easy for the sorry pag...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 03, 2010
"They" is the browser not LTM. The client's user-agent is responsible for setting the Referer header. It's also optional according to RFC2616. I'd have thought most user agents would set the Referer header to the value of the last request though.

 

 

Are you redirecting the client from an HTTPS VS to an HTTP fallback host? If so, it looks like most user-agents won't set the Referer header when going from HTTPS to HTTP:

 

 

 

http://tools.ietf.org/html/rfc2616section-15.1.3

 

 

Clients SHOULD NOT include a Referer header field in a (non-secure)

 

HTTP request if the referring page was transferred with a secure

 

protocol.

 

 

 

Aaron