Forum Discussion

Amit585731's avatar
Amit585731
Icon for Nimbostratus rankNimbostratus
Jan 14, 2016

Regarding http vip

Dear All,

 

We are seeing an issue where when directly hitting the server the application working fine but when going via vip the request fails. I checked on tcpdump and found that for httpget request via vip we were seeing 401 in response header. The vip is standard vip, http type. So it can be possible that f5 does http inspection and when getting response 401 it is dropping connection. While when directly hitting the application server since source is browser the it may be ignoring the 401 code. Please suggest.

 

Thanks for your help in advance.

 

Thanks

 

application delivery
basic authentication
http
LTM
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Icon for Nacreous rankNacreous
    Jan 14, 2016

    No, the LTM should send the 401 response back to the client provided the VIP is up. Do you have a monitor on the pool possibly marking the pool down because of the 401? Can you share your pcap?

     

    • Amit585731's avatar
      Amit585731
      Icon for Nimbostratus rankNimbostratus
      Jan 16, 2016
      Hi Brad, Thanks for response. The VIP is up not sure why users are getting page not available. One thing I noticed that the application using auth header i.e. basic realm, OAuth etc. When they are directly hitting the pool member we are seeing OAuth as the URL of backend application to which pool member is pointing. But when going via VIP, in OAuth header we are seeing VIP URL. So is this something needed to be checked? Do OAuth needs to be same at pool member and backend. Please suggest. I will collect the wireshark and try to paste here. Thanks.
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Jan 14, 2016

    No, the LTM should send the 401 response back to the client provided the VIP is up. Do you have a monitor on the pool possibly marking the pool down because of the 401? Can you share your pcap?

     

    • Amit585731's avatar
      Amit585731
      Icon for Nimbostratus rankNimbostratus
      Jan 16, 2016
      Hi Brad, Thanks for response. The VIP is up not sure why users are getting page not available. One thing I noticed that the application using auth header i.e. basic realm, OAuth etc. When they are directly hitting the pool member we are seeing OAuth as the URL of backend application to which pool member is pointing. But when going via VIP, in OAuth header we are seeing VIP URL. So is this something needed to be checked? Do OAuth needs to be same at pool member and backend. Please suggest. I will collect the wireshark and try to paste here. Thanks.