Forum Discussion
Redirect sends "Connection: Keep-Alive" header
Using a basic HTTP redirect statement:
if { blah }{
HTTP::redirect https://$host:$newport[HTTP::uri]
return
}we're seing an HTTP 1.0 response with a Keep-Alive header, even though the client didn't request keepalives:
curl -v http://host.domain.com
* About to connect() to host.domain.com port 80
* Trying 10.10.10.100... connected
* Connected to host.domain.com (10.10.10.100) port 80
> GET / HTTP/1.1
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
> Host: host.domain.com:80
> Accept: */*
>
< HTTP/1.0 302 Found
< Location: https://host.domain.com/
< Server: BIG-IP
* HTTP/1.0 connection set to keep alive!
< Connection: Keep-Alive
< Content-Length: 0
* Connection 0 to host host.domain.com left intact
* Closing connection 0
Seems odd, and totally unnecessary for a redirect, so we'd like to eliminate the Keepalive option completely and close the connection immediately.
Can we somehow suppress the Connection: header?
Send Connection: Close instead?
Or do we have to do something like "reject" the connection immediately following the redirect?
if { blah }{
HTTP::redirect https://$host:$newport[HTTP::uri]
reject
return
}???
thanks!
/deb
8 Replies
- While you could do a HTTP::header Replace and replace the Connection header to set the value to "close", this wouldn't get you very far. The "close" value wasn't supported in HTTP 1.0. It wasn't until 1.1. that the Connection header makes use of the close value.
You could, however, try removing the connection header if you are seeing unwanted results due to the keep-alive value being set.
Like:HTTP::header Remove Connection
I'd be interested to hear what problems you're seeing, though, by having the keep-alive value set between the BIG-IP and the client.
Colin - Customer says they are seeing the connection kept alive on the BIG-IP end, closing after the timeout when the client never sends another request.
andHTTP::header insert Connection Close
andHTTP::header replace Connection Close
all affect the inbound header with no effect on the BIG-IP responseHTTP::header remove Connection
It seems logical that insert / replace / remove can't affect the HTTP::redirect command after it's been issued. Placing the header remove command in HTTP_RESPONSE also didn't work, I'm assuming because that is triggered by a server response, and with a redirect, there is none.
results in both a Connection: Keep-Alive header and a Connection: Close header.HTTP::respond 302 Location http://www.google.com/ Connection Close
We'd also like to modify the Server: header in the redirect, if possible, to something other than "BIG-IP"...
thanks!
/deb - I've set up a simple redirect rule for testing, and I have to say /I/ can't see that the connection is actually kept alive on BIG-IP...
If I don't see any connection to BIG-IP from my client in netstat -an other than my ssh connection, doesn't that mean the BIG-IP is really closing the connection? - NOTE: Big IP will send a close only if the client sends a non keep alive request. Why don't you set the idle timeout to a small value after you send the redirect. That way the client can re-use the connection if it chooses to do so and the connection won't linger too long if it doesn't.
I had a customer run into this, where we found the newer browsers performed TCP Keep-Alives that would reset the TCP idle timeout every 10~45 seconds. I poked around and couldn't get the Connection: Keep-Alive header removed or replaced, so I ended up not using the built in HTTP::redirect, and instead simply used:
when HTTP_REQUEST { if { [HTTP::uri] contains "secure"} { HTTP::respond 302 conent { Location: https://secure.company.com Server: BigIP Connection: Close Content-Length: 0 } return } }
Georgi__Joe__StAltostratus
I think you should use: HTTP::respond 302 noserver -reset Connection close Location https://google.com
I had a customer run into this, where we found the newer browsers performed TCP Keep-Alives that would reset the TCP idle timeout every 10~45 seconds. I poked around and couldn't get the Connection: Keep-Alive header removed or replaced, so I ended up not using the built in HTTP::redirect, and instead simply used:
when HTTP_REQUEST { if { [HTTP::uri] contains "secure"} { HTTP::respond 302 conent { Location: https://secure.company.com Server: BigIP Connection: Close Content-Length: 0 } return } }- Georgi__Joe__StI think you should use: HTTP::respond 302 noserver -reset Connection close Location https://google.com
