Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Ashu_Aggarwal's avatar
Ashu_Aggarwal
Icon for Cirrus rankCirrus
Jan 18, 2020

HTTP POST messages are not load balanced.

Application/VS is configured with persistence profile "session cookie" & round-robin load balancing method. Application team is complaining HTTP POST messages from middleware (Axway) are going only t...
application delivery
big-ip
LTM
PeteWhite's avatar
PeteWhite
Icon for Employee rankEmployee
Jan 18, 2020

the session cookie persistence inserts a cookie into the stream to maintain the loadbalancing to that server. this will be the same for both GET and POST requests. Once this is set, all requests on that stream will hit that server so it should just be doing load based distribution - are you sure this isn't a DoS attack or suchlike? It could be that the middleware has setup a HTTP connection and is use pipelining and therefore targeting everything at one server due to the persistence.

You could change to least connections loadbalancing to see whether that fixes it. I'd tend to take a look at the stats and do some further testing to see this for yourself ie create 100 sessions with curl and see what cookie is returned. If that is fine then look further into the actual requests - whether they are one HTTP/TCP stream etc

  • Ashu_Aggarwal's avatar
    Ashu_Aggarwal
    Icon for Cirrus rankCirrus
    Jan 18, 2020
    Thanks Pete. It is internal application so DOS kind of possibilities are quite null. I will do a packet capture and see what happening Thanks again for your help.