HTTP and HTTPS Proxy generates websocket error 403 and 503.

Question

Hello. My name is Byung.&nbsp;
I am able 3 years into F5 and still feel like a newbie. I came across a very weird websocket issue. My DB admin ask to proxy a web server listening on port 8888(http). So, I created a VIP listening on port 80 forwarding it to pool member on port 8888. Forwarding works fine, but DB came back stating site is not functional. 
After some analyse on Chrome, websocket is generating error 503, when using http and error 403, when VIP uses https.&nbsp;
I have tried it without http profile, with http profile and winsock profile, http profile with iRule disabling http profile, if header contains "websocket". Nothing seems to fix this issue. &nbsp;
It looks like something called "spring-websocket.js" fails to contact the server. Accessing server directly on port 8888 does not have this issue. &nbsp;
Any suggestion will be greatly appreciated. This has been day 5.&nbsp;
Thank you all and have a wonderful day. &nbsp;

becooked_349400 · Accepted Answer

when HTTP_REQUEST { &nbsp;
     HTTP::header insert X-Forwarded-Host [HTTP::host] X-Forwarded-Port 443
}&nbsp;

jg · Answer

What does the log of the web server on port 8888 say about the errors?&nbsp;

kevin_davies · Answer

The 503 will because websocket is not HTTP -- https://support.f5.com/csp/article/K14754. The 403 is because your app is using port 8888 and the virtual is on port 80. Have you analysed the TCP connections leaving the client machine using Tcpdump? You will need to ensure that its not trying to communicate on different ports. Alternatively you can make your virtual server listen on all ports by specifying 0 (remove the HTTP profile, add a simple iRule to CLIENT_ACCEPTED to log incoming connects with [TCP::local_addr]) then you will see from the logs what ports are being used from your clients address.

becooked_349400 · Answer

I sent message to the Server admin. I will let you know as soon as I get some responds back. Meanwhile, is there any thing I can take a look on F5? I ran a tcpdump, but it was all encrypted(TLS) trafffic.&nbsp;
Thank you and have a nice day.&nbsp;

Forum Discussion

HTTP and HTTPS Proxy generates websocket error 403 and 503.

4 Replies

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Related Content

how to add HTTP HOST to telemetry (Generic HTTP)?

Securing Generative AI: Defending the Future of Innovation and Creativity

Generate API SDK for F5 Distributed Cloud

Telemetry Streaming generic HTTP push consumer forwards events to Oracle cloud

API Discovery and Auto Generation of Swagger Schema