For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ken_Edgar's avatar
Ken_Edgar
Icon for Nimbostratus rankNimbostratus
May 21, 2021

Problems with http forwarding policy

I am helping our integrations team migrate API endpoints from one integrations load-balanced cluster to another. In doing so, they are slowly moving just specific applications. I have created an http...
application delivery
BIG-IP
AlexBCT's avatar
AlexBCT
Icon for Cumulonimbus rankCumulonimbus
May 22, 2021

Hi Ken,

 

That's an interesting one... I don't have an answer for you, but a couple of ideas / troubleshooting tips to hopefully help you further;

 

  • I see that you are looking for paths that "contains" /api. Is there any chance that some of the out-of-scope requests contain /api somewhere else in their API path?
  • Alternatively, if all requests start with /api, can you switch the policy to "starts_with"?
  • Can you find out which Virtual Server is processing the 404 errors? You can have a look at the HTTP headers of the responses to see which server it came from (old backend server, new backend server or F5)
  • Alternatively, have a look in the VS statistics, under Statistics ›› Module Statistics : Local Traffic ›› Virtual Servers : <vs-name>, select the HTTP profile, and check under Responses - Client Errors (these should include the 400-errors)
  • In your LTP (or in a new LTP), you can match on any 404 response, then log some details about it. That may also give you an indication of any pattern that may be to them.

 

Hope any of these are useful ;)