Forum Discussion

Wesley_Saris's avatar
Icon for Nimbostratus rankNimbostratus
Jun 17, 2019

iRule - http_req sideband request rejected by IIS Backend - Invalid Hostname


I've got an irule performing two consecutive sideband http request to a single IIS backend (1 pool member).

This backend has multiple API listening over HTTPS 443 with specific hostname (https://api1, https://api2) and SNI activation.


Based on the client request /api/route1 or /api/route2, I'm changing the hostname on the fly as the SSO kerberos to request token for the good hostname,


set ws_status [call /Common/HSSR::http_req -state hstate -uri $ws_uri -method [HTTP::method] -type "application/json" -headers $sb_headers -debug 1 -rbody ws_resp_body -userid $userName

#do something

call /Common/HSSR::http_close hstate


set ws_status [call /Common/HSSR::http_req -state hstate -uri $ws_uri2 -method [HTTP::method] -type "application/json" -headers $sb_headers -debug 1 -rbody ws_resp_body -userid $userName

#do something

call /Common/HSSR::http_close hstate


And in the sideBand iRule, I've got this in HTTP_REQUEST


 if { [HTTP::uri] starts_with "/api/v1/route1"} {

    HTTP::header replace Host $static::EV2_SIDEBAND_HOSTNAME_DCO

    WEBSSO::select sso-kerberos-1

  } elseif { [HTTP::uri] starts_with "/api/v1/route2"} {

    HTTP::header replace Host $static::EV2_SIDEBAND_HOSTNAME_XS2A

    WEBSSO::select sso-kerberos-2



Issue I'm facing is that the second call is rejected directly by IIS (logs found in http.sys) :

Http response : <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"""> <HTML><HEAD><TITLE>Bad Request</TITLE> <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD> <BODY><h2>Bad Request - Invalid Hostname</h2> <hr><p>HTTP Error 400. The request hostname is invalid.</p> </BODY></HTML>


We checked the configuration of both api and it's both accessible from browser outside of the sideband irule. so hostname is good, ssl certificate is good, etc...


If someone has any clue, I'll be grateful.