Forum Discussion
praveen_73358
Nimbostratus
NimbostratusHTTP/1.1 response from F5 for HTTPS VIP
Dear All,
We have a F5 with version IP 10.0.1 Build 378.0 Hotfix HF3.
I need HTTP/1.1 response from the F5 with 502 code for a HTTPS VIP.
We have tried the below iRule using SSL::respond:
when LB_FAILED { SSL::respond "HTTP/1.1 502 Bad Gateway\r\nServer: BigIP\r\nConnection: close\r\nContent-Length: 0\r\n\r\n" }
However the desired output was not obtained.
As per the previous updates above I see that this should work in version 10 as per below discussion:
http://devcentral.f5.com/Forums/tabid/1082223/asg/50/showtab/groupforums/afv/topic/aff/5/aft/60438/Default.aspx
Can anyone update if there is any issue with the iRule we tested.
Thanks,
Praveen
hooleylistCirrostratus
Do you have a client SSL profile added to the virtual server? If so, you can use HTTP::respond instead of SSL::respond. The syntax should be about the same. Also, make sure to use \r\n as this is the delineator for HTTP headers.
Aaron
praveen_73358Hi,
We have used the attached iRule wherein we have used HTTP::respond and it did not work.
Anything wrong with the iRule above?- hooleylistHi Praveen,
Sorry, I've been missing the point in your posts on this. You need to send an HTTP 1.1 response, but HTTP::respond doesn't currently support sending an HTTP 1.1 response. There is a request for enhancement ID, 337768, which tracks the request to send an HTTP response with a version that matches the original request version. There's a suggestion to add a flag to override this behavior if you want to hard code the response version.
I'm not sure why SSL::respond isn't working in LB_FAILED. I suggest opening a case with F5 Support on this. I found one case related to this issue (which might be from your reseller?) but the specific issue of SSL::respond not working in LB_FAILED wasn't investigated fully.
Hope this helps,
Aaron