Forum Discussion

praveen_73358's avatar
praveen_73358
Icon for Nimbostratus rankNimbostratus
Feb 11, 2011

HTTP/1.1 response from F5 for HTTPS VIP

Dear All,

 

 

We have a F5 with version IP 10.0.1 Build 378.0 Hotfix HF3.

 

 

I need HTTP/1.1 response from the F5 with 502 code for a HTTPS VIP.

 

We have tried the below iRule using SSL::respond:

 

 

when LB_FAILED { SSL::respond "HTTP/1.1 502 Bad Gateway\r\nServer: BigIP\r\nConnection: close\r\nContent-Length: 0\r\n\r\n" }

 

 

However the desired output was not obtained.

 

As per the previous updates above I see that this should work in version 10 as per below discussion:

 

 

http://devcentral.f5.com/Forums/tabid/1082223/asg/50/showtab/groupforums/afv/topic/aff/5/aft/60438/Default.aspx

 

 

Can anyone update if there is any issue with the iRule we tested.

 

 

 

Thanks,

 

Praveen

3 Replies

  • Do you have a client SSL profile added to the virtual server? If so, you can use HTTP::respond instead of SSL::respond. The syntax should be about the same. Also, make sure to use \r\n as this is the delineator for HTTP headers.

     

     

    Aaron
  • Hi,

     

     

    We have used the attached iRule wherein we have used HTTP::respond and it did not work.

     

     

    Anything wrong with the iRule above?

     

     

  • Hi Praveen,

     

     

    Sorry, I've been missing the point in your posts on this. You need to send an HTTP 1.1 response, but HTTP::respond doesn't currently support sending an HTTP 1.1 response. There is a request for enhancement ID, 337768, which tracks the request to send an HTTP response with a version that matches the original request version. There's a suggestion to add a flag to override this behavior if you want to hard code the response version.

     

     

    I'm not sure why SSL::respond isn't working in LB_FAILED. I suggest opening a case with F5 Support on this. I found one case related to this issue (which might be from your reseller?) but the specific issue of SSL::respond not working in LB_FAILED wasn't investigated fully.

     

     

    Hope this helps,

     

    Aaron