Robert_47833
Oct 13, 2011

some questions on "reject"

1: It seems "reject" will show you the overflow page, right?

 

2: Even if a request hits "reject", it will still execute the subsequent code in the iRule, right?

 

  • 1. I got the "connection was reset" page.

    2. Yes, I think so.

    [root@iris:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.17.33:http
       ip protocol tcp
       rules myrule
    }
    [root@iris:Active] config  b rule myrule list
    rule myrule {
       when CLIENT_ACCEPTED {
            log local0. "before reject command"
            reject
            log local0. "after reject command"
    }
    }
    
    [root@iris:Active] config  tcpdump -nni 0.0 port 80
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
    12:35:41.495068 IP 192.168.206.102.50844 > 172.28.17.33.80: S 3555768222:3555768222(0) win 8192 
    12:35:41.495126 IP 172.28.17.33.80 > 192.168.206.102.50844: S 3902321246:3902321246(0) ack 3555768223 win 3780 
    12:35:41.495407 IP 192.168.206.102.50844 > 172.28.17.33.80: . ack 1 win 16695
    12:35:41.495482 IP 172.28.17.33.80 > 192.168.206.102.50844: R 1:1(0) ack 1 win 3780
    12:35:41.496673 IP 192.168.206.102.50845 > 172.28.17.33.80: S 813505315:813505315(0) win 8192 
    12:35:41.496708 IP 172.28.17.33.80 > 192.168.206.102.50845: S 370932803:370932803(0) ack 813505316 win 3780 
    12:35:41.497102 IP 192.168.206.102.50845 > 172.28.17.33.80: . ack 1 win 16695
    12:35:41.497183 IP 172.28.17.33.80 > 192.168.206.102.50845: R 1:1(0) ack 1 win 3780
    12:35:41.497376 IP 192.168.206.102.50845 > 172.28.17.33.80: P 1:369(368) ack 1 win 16695
    12:35:41.497393 IP 172.28.17.33.80 > 192.168.206.102.50845: R 1:1(0) ack 369 win 0
    
    10 packets captured
    10 packets received by filter
    0 packets dropped by kernel
    
    [root@iris:Active] config  tail -f /var/log/ltm
    Oct 13 12:35:29 local/tmm notice tmm[4601]: 013e0001:5: Tcpdump starting bcast on :::0 from 127.1.1.1:44469
    Oct 13 12:35:41 local/tmm info tmm[4601]: Rule myrule : before reject command
    Oct 13 12:35:41 local/tmm info tmm[4601]: Rule myrule : after reject command
    Oct 13 12:35:41 local/tmm info tmm[4601]: Rule myrule : before reject command
    Oct 13 12:35:41 local/tmm info tmm[4601]: Rule myrule : after reject command
    Oct 13 12:35:47 local/tmm notice tmm[4601]: 013e0002:5: Tcpdump stopping on 127.1.1.2:1030 from 127.1.1.1:44469
    
    
  • Hmmm, I have tried this. When you have configured a fallback host in your profile, it will go to the fallback host and then fin

    If not, it will get rst.
  • Hmmm, so what is displayed in your browser? Overflow page? Or nothing? "The connection was reset" is shown in Firefox. "Internet Explorer cannot display the webpage" is shown when using IE.
  • Hmm, can you try an HTTP profile with a fallback host? It will go to the fallback host. What version are you running? There is a bug in old versions, i.e. prior to 9.3.0.
  • If reject is in CLIENT_ACCEPTED, the connection will be rejected.

    [root@iris:Active] config  b version|grep -iA 1 version
    BIG-IP Version 10.2.2 930.0
    Hotfix HF3 Edition
    
    [root@iris:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.17.33:http
       ip protocol tcp
       rules myrule
       profiles {
          myhttp {}
          tcp {}
       }
    }
    
    [root@iris:Active] config  b rule myrule list
    rule myrule {
       when CLIENT_ACCEPTED {
            reject
    }
    when HTTP_REQUEST {
            reject
    }
    }
    
    [root@iris:Active] config  b pool foo|grep -i pool\ member
    +-> POOL MEMBER foo/10.10.70.110:http   inactive,down
    
    [root@iris:Active] config  curl -I http://172.28.17.33
    curl: (52) Empty reply from server
    
    [root@iris:Active] config  b rule myrule list
    rule myrule {
       when CLIENT_ACCEPTED {
            reject
    }
    when HTTP_REQUEST {
            reject
    }
    }
    
    [root@iris:Active] config  curl -I http://172.28.17.33
    HTTP/1.0 302 Found
    Location: http://www.google.com
    Connection: close
    
    
  • Oops, forgot to list the myhttp profile.

    [root@iris:Active] config  b profile myhttp list
    profile http myhttp {
       defaults from http
       fallback "http://www.google.com"
    }
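
The log output earlier in the thread shows "after reject command" being written, so `reject` does not end the event. The iRule below is an added example, not code from the thread or from F5. It shows one way to make sure nothing after `reject` runs; the rule name, log messages and the client address 192.0.2.10 are constructed for illustration, and `foo` is the pool from the thread's virtual server.

```tcl
# Added example (not from the thread): stop iRule processing once a
# connection has been rejected.
# Assumptions: hypothetical rule attached to a virtual server with tcp and
# http profiles; 192.0.2.10 is a constructed documentation address.
rule reject_and_stop {
   when CLIENT_ACCEPTED {
      if { [IP::addr [IP::client_addr] equals 192.0.2.10] } {
         log local0. "rejecting [IP::client_addr]:[TCP::client_port]"
         reject
         # reject by itself does not leave the event: without the two
         # commands below, the remaining lines of this event would still
         # execute, as the "after reject command" log entry shows.
         # Suppress any later events (e.g. HTTP_REQUEST) for this connection.
         event disable all
         # Leave the current event immediately.
         return
      }
      # Reached only for connections that were not rejected.
      log local0. "accepted [IP::client_addr]:[TCP::client_port]"
   }
   when HTTP_REQUEST {
      # Not evaluated for a rejected connection because events were disabled.
      pool foo
   }
}
```

A quick check is to repeat the thread's test with `tail -f /var/log/ltm`: a rejected client should produce only the "rejecting" entry and no "accepted" entry.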