mago_131453
Aug 20, 2015

Websites do not load correctly when load balancing via proxy

We currently have a pair of BIG-IPs with 11.5 running in our DC. One of the services we want to load balance is a pair of Cisco WSAs (IronPort) which function as web proxies.

When a client connects via the BIG-IP's VIP to access the Proxies we have the problem that not all of the content is loaded. This problem does not change if we take one of the WSAs out of the pool so that we can be sure we always go via the same proxy. It is also working fine when the clients go via one of the proxies directly.

[UPDATE] The http-WSA-proxy profile is based on the fastL4 but has XFF enabled.

Does anyone have an idea what we are missing and why we are not receiving the complete page?

High level traffic flow:

Client <> BIG-IP Cluster <> Firewall <> 2x Cisco WSA Web Proxy <> Firewall <> Internet

LTM config:

ltm virtual vs_NAME {
    destination VIP%RD:webcache
    ip-protocol tcp
    mask 255.255.255.255
    partition NAME
    persist {
        source_addr_mirror {
            default yes
        }
    }
    pool NAME
    profiles {
        /Common/fastL4 { }
        http-WSA-proxy { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vlans {
        NAME-VIPs
    }
    vlans-enabled
    vs-index 17
}
  • Hi

    What is the configuration of http-WSA-proxy profile?

    Proxy protocol is different than HTTP protocol.


  • Hi Stanislas, thanks for your reply.

    We are using the following:

    ltm profile http http-WSA-proxy {
        app-service none
        defaults-from /Common/http
        insert-xforwarded-for enabled
        proxy-type reverse
    }
    

    What else would you suggest? Thanks in advance!

  • Hi Stanislas,

    The configuration was not the issue. Log files pointed to an issue (Known Issue ID 451319, Honor Content-Length header when server responds with 4xx response with body for CONNECT request) fixed in 11.6.

    After verification that this actually is our problem we upgraded to 11.6 and do not have the problem anymore.

    Thanks for your support anyway!
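
The Known Issue title quoted above concerns how a 4xx reply to CONNECT is framed. As an added example (not from the thread and not F5's code), this Python sketch applies the standard HTTP rule to a constructed capture: a 2xx reply to CONNECT has no body, while any other status carries a body delimited by Content-Length. The function name, the `honor_length` switch and the sample bytes are assumptions made for illustration.

```python
# Added illustration, not from the thread or from F5. Sample bytes are constructed.

def split_connect_reply(stream: bytes, honor_length: bool = True):
    """Split a proxy's reply to CONNECT from whatever follows it on the wire.

    Returns (status, body, rest). A 2xx reply has no body and everything after
    the headers is tunnel data. Any other status carries a normal body, which
    Content-Length delimits. honor_length=False skips that step for comparison.
    Chunked bodies are out of scope for this sketch.
    """
    head, sep, after = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    status = int(lines[0].split(b" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if 200 <= status < 300 or not honor_length:
        return status, b"", after
    if b"content-length" not in headers:
        return status, after, b""  # body runs until the connection closes
    length = int(headers[b"content-length"])
    if len(after) < length:
        raise ValueError("body shorter than Content-Length")
    return status, after[:length], after[length:]


BODY = b"<html>Proxy authentication required</html>"
DENIED = (
    b"HTTP/1.1 407 Proxy Authentication Required\r\n"
    b"Proxy-Authenticate: Basic realm=\"constructed\"\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    b"Connection: keep-alive\r\n\r\n" + BODY
)
ESTABLISHED = b"HTTP/1.1 200 Connection established\r\n\r\n"
CAPTURE = DENIED + ESTABLISHED  # two replies back to back on one connection

if __name__ == "__main__":
    status, body, rest = split_connect_reply(CAPTURE)
    print(status, len(body), rest.startswith(b"HTTP/1.1 200"))
    # Without the length step the 407 body is left in front of the next reply.
    _, _, misframed = split_connect_reply(CAPTURE, honor_length=False)
    print(misframed[:6])
```

When checking a packet capture for this condition, the thing to look for is a CONNECT answered with a 4xx status that also carries a body, which is the case the issue title names.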

     
