Forum Discussion
Robert_47833
Oct 13, 2011Altostratus
some questions on "reject"
1:it seems "'reject" will show u overflow page ,right?
2:even request hit "reject",it will still execute the subsequent code in irule,right?
- nitassEmployee1. i got the connection was reset page.
[root@iris:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.17.33:http ip protocol tcp rules myrule } [root@iris:Active] config b rule myrule list rule myrule { when CLIENT_ACCEPTED { log local0. "before reject command" reject log local0. "after reject command" } } [root@iris:Active] config tcpdump -nni 0.0 port 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes 12:35:41.495068 IP 192.168.206.102.50844 > 172.28.17.33.80: S 3555768222:3555768222(0) win 8192 12:35:41.495126 IP 172.28.17.33.80 > 192.168.206.102.50844: S 3902321246:3902321246(0) ack 3555768223 win 3780 12:35:41.495407 IP 192.168.206.102.50844 > 172.28.17.33.80: . ack 1 win 16695 12:35:41.495482 IP 172.28.17.33.80 > 192.168.206.102.50844: R 1:1(0) ack 1 win 3780 12:35:41.496673 IP 192.168.206.102.50845 > 172.28.17.33.80: S 813505315:813505315(0) win 8192 12:35:41.496708 IP 172.28.17.33.80 > 192.168.206.102.50845: S 370932803:370932803(0) ack 813505316 win 3780 12:35:41.497102 IP 192.168.206.102.50845 > 172.28.17.33.80: . ack 1 win 16695 12:35:41.497183 IP 172.28.17.33.80 > 192.168.206.102.50845: R 1:1(0) ack 1 win 3780 12:35:41.497376 IP 192.168.206.102.50845 > 172.28.17.33.80: P 1:369(368) ack 1 win 16695 12:35:41.497393 IP 172.28.17.33.80 > 192.168.206.102.50845: R 1:1(0) ack 369 win 0 10 packets captured 10 packets received by filter 0 packets dropped by kernel [root@iris:Active] config tail -f /var/log/ltm Oct 13 12:35:29 local/tmm notice tmm[4601]: 013e0001:5: Tcpdump starting bcast on :::0 from 127.1.1.1:44469 Oct 13 12:35:41 local/tmm info tmm[4601]: Rule myrule : before reject command Oct 13 12:35:41 local/tmm info tmm[4601]: Rule myrule : after reject command Oct 13 12:35:41 local/tmm info tmm[4601]: Rule myrule : before reject command Oct 13 12:35:41 local/tmm info tmm[4601]: Rule myrule : after reject command Oct 13 12:35:47 local/tmm notice tmm[4601]: 013e0002:5: Tcpdump stopping on 127.1.1.2:1030 from 127.1.1.1:44469
- Robert_47833Altostratushmmm,so what is displayed in your broswer? overflow page?or nothing ?
- Robert_47833AltostratusHmmm,I have tried this,when u have configured fallback host in your profile,it will go to fallback host and then fin
- nitassEmployeehmmm,so what is displayed in your broswer? overflow page?or nothing ?the connection was reset is shown in firefox. internet explorer cannot display the webpage is when using ie.
- Robert_47833Altostratushmm can u try http profile with a fallback host,it will go to fallback host,
- nitassEmployeehmm can u try http profile with a fallback host,it will go to fallback host,what version are you running? there is a bug in old version i.e. prior 9.3.0.
- Robert_47833AltostratusI run it on 10.2
- nitassEmployeeif reject is in CLIENT_ACCEPTED, connection will be rejected.
[root@iris:Active] config b version|grep -iA 1 version BIG-IP Version 10.2.2 930.0 Hotfix HF3 Edition [root@iris:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.17.33:http ip protocol tcp rules myrule profiles { myhttp {} tcp {} } } [root@iris:Active] config b rule myrule list rule myrule { when CLIENT_ACCEPTED { reject } when HTTP_REQUEST { reject } } [root@iris:Active] config b pool foo|grep -i pool\ member +-> POOL MEMBER foo/10.10.70.110:http inactive,down [root@iris:Active] config curl -I http://172.28.17.33 curl: (52) Empty reply from server [root@iris:Active] config b rule myrule list rule myrule { when CLIENT_ACCEPTED { reject } when HTTP_REQUEST { reject } } [root@iris:Active] config curl -I http://172.28.17.33 HTTP/1.0 302 Found Location: http://www.google.com Connection: close
- nitassEmployeeopp, forgot to list myhttp profile.
[root@iris:Active] config b profile myhttp list profile http myhttp { defaults from http fallback "http://www.google.com" }
- Robert_47833Altostratusoh,yes,u are right
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects