Forum Discussion

Thomas_Knutson_'s avatar
Thomas_Knutson_
Icon for Nimbostratus rankNimbostratus
May 13, 2011

Random HTTP 400 Errors

We recently implemented two 3600 model devices with LTM and ASM running on them. We are primarily running tomcat applications on our back end servers on TCP 8080, and terminating the SSL requests on ...
basic
getting started
new to f5
Thomas_Knutson_'s avatar
Thomas_Knutson_
Icon for Nimbostratus rankNimbostratus
May 16, 2011
Posted By hoolio on 05/13/2011 01:19 PM

 

Can you reproduce the issue? If so, I'd try capturing a tcpdump on LTM and use Fiddler2 to log the clientside HTTP. You can also add a debug event to the end of the iRule to log when a replacement is done:

 

 

Aaron

 

We are able to reproduce the issue on a consistent basis. Just using fiddler2 to log the clientside HTTP, we see some strange behavior. The errors are usually related to a .pdf file, that opens in the browser, and contains links. What I see in fiddler2 on good and bad connections is as follows.

 

 

 

 

BAD:

 

 

 

1.) Visit page and generate report (pdf) that loads in a frame on the page. Fiddler2 reports the connection to the domain as a 200, and all looks good.

 

2.) Click on a link in the report (this is a pdf) that should load the detailed pdf, inside of a frame on the page, but a 400 is shown where that section of the frame is. Fiddler reports no client side requests or traffic during this time.

 

3.) Right click on the section of the frame where content should be, and select "refresh" and all content loads correctly. Fiddler2 shows an initial connect to the site (HTTP 200) and then the actual request which is a 302.

 

 

 

 

 

GOOD:

 

1.) Visit page and generate report (pdf) that loads in a frame on the page. Fiddler2 reports the connection to the domain as a 200, and all looks good.

 

2.) Click on a link in the report (this is a pdf) that then loads a detailed pdf inside of a frame on the page and all looks good. Fiddler reports the 302 redirect.

 

 

 

 

 

We have not done a TCP dump yet, and are looking into all possible culprits of the problem. We recently transitioned these services from an older netcontinum device, which did not cause the problem. As of this time we have a fairly generic setup, with minimal iRules, and ASM is in transparent mode. We do have an iRule that handles these specific reports, and sends them to a different set of back end server pools. The iRule for this is listed below (some content is edited out however)

 

 

 

when HTTP_REQUEST {

 

 

 

if { [HTTP::uri] contains "/specific-uri-that-conflicts-with-uri-below" } {

 

return

 

 

 

} elseif { [HTTP::uri] contains "/report-uri/" } {

 

 

 

pool report-pool_reports_web

 

 

 

 

 

} elseif { [HTTP::uri] contains "/other-report-uri/" } {

 

 

 

pool other-report-pool_reports_web

 

snat automap

 

 

 

} elseif { [HTTP::uri] contains "/path-we-block/" } {

 

 

 

drop

 

 

 

}

 

 

 

}