Forum Discussion

tk83
May 05, 2021

Sending web socket traffic to different pool

We have an F5 sitting in front of an AWS API Gateway being used for WAF. A developer wants to start accepting web socket traffic but needs to send this web socket traffic to a different API gateway than the normal HTTPS traffic. I wrote an iRule that should send the request to the other web socket specific pool, but I'm not sure if I'm missing something because the web socket specific AWS API gateway just keeps returning a 403 when I send traffic to it. The web socket specific API gateway has a different FQDN so I have to replace the Host header. I'm not sure if this is what's screwing it up.

I have this as my iRule:

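when HTTP_REQUEST {
  # WebSocket handshakes carry "Upgrade: websocket"
  if { [HTTP::header value "Upgrade"] equals "websocket" } {
      # The WebSocket API gateway has its own FQDN, so rewrite Host
      HTTP::header replace Host "ws-apigw.fqdn.com"
      pool ws-pool
  } else {
      # Everything else goes to the regular HTTPS pool
      pool https-pool
  }
}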

Anyone know what I'm doing wrong?

  • If you are modifying the HOST header as expected by the WS gateway, then the iRule is okay. Please have a look at the article below:

    https://support.f5.com/csp/article/K25531068

    • This could be an issue with the backend pool member not accepting WS requests.
    • The Origin header is required at the backend pool member and it's not being sent by the client.

    Please troubleshoot this along with the team managing the websocket gateway.
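
A troubleshooting variant of the iRule, added here as an example (it is not code from either poster): it logs what the client sent, including whether an Origin header was present, and the status the pool member returned. The pool names and FQDN are the ones from the question; matching the Upgrade token case-insensitively and the log format are assumptions of this example.

```tcl
when HTTP_REQUEST {
    # Reset per request; variables persist across events on the same connection.
    set is_ws 0

    # RFC 6455 treats the Upgrade token as case-insensitive ("WebSocket" is common),
    # so normalise before comparing.
    if { [string tolower [HTTP::header value "Upgrade"]] equals "websocket" } {
        set is_ws 1

        # Capture the client's view of the request before anything is rewritten.
        set orig_host [HTTP::host]
        if { [HTTP::header exists "Origin"] } {
            set origin [HTTP::header value "Origin"]
        } else {
            set origin "<none>"
        }

        HTTP::header replace Host "ws-apigw.fqdn.com"
        pool ws-pool

        log local0. "WS upgrade from [IP::client_addr] uri=[HTTP::uri] host=$orig_host origin=$origin"
    } else {
        pool https-pool
    }
}

when HTTP_RESPONSE {
    if { $is_ws } {
        # 101 means the handshake was accepted; a 403 here was generated by
        # the pool member, not by the BIG-IP.
        log local0. "WS response from [LB::server addr]: status=[HTTP::status]"
    }
}
```

The log lines go to /var/log/ltm on the BIG-IP. An `origin=<none>` entry followed by `status=403` points at the second cause listed in the answer above.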