Forum Discussion
WSS LTM not passing data correctly
- Oct 06, 2022
Hi Paolo,
Thank you for your time today, im glad we could determine what was wrong.
A few steps we took that helped us confirm first off, that no truncating was happening in the headers, was to capture the connection in a tcpdump with the f5 high detail peer options (:nnnp), that showed us the payload on the backend as being perfect. No truncating happening.
tcpdump -vvv -s0 -ni 0.0:nnnp host <f5 VIP> and port <f5 virtual server port>
One of the key factors to identifying what was the issue here was something you sent me in a private message. Removing the http profile, which subsequently resultied in the websocket, waf and clientssl profile to be removed, allowed the connection to work. The wss:// call, not ws://.
Because this was a WSS or WebSocket Secure call, the server was expecting a TLS session, and our configuration was doing TLS offloading at the f5, and sending the traffic plain text to the server. Why the application generated an "ERR_TRUNCATE_HEADERS" message is purely speculation at this point, but i suspect it was because the headers were all encrypted and thus exceeded the maximum for the application.
I would normally expect to see 400 errors with HTTP, so the backend encryption wasnt jumping out at me sooner.
Im glad that we could resolve this matter, and please let myself and f5 know if there is anything else we can do to assist you in the future.
Cheers
Mike
Hi Paolo,
Thank you for your time today, im glad we could determine what was wrong.
A few steps we took that helped us confirm first off, that no truncating was happening in the headers, was to capture the connection in a tcpdump with the f5 high detail peer options (:nnnp), that showed us the payload on the backend as being perfect. No truncating happening.
tcpdump -vvv -s0 -ni 0.0:nnnp host <f5 VIP> and port <f5 virtual server port>
One of the key factors to identifying what was the issue here was something you sent me in a private message. Removing the http profile, which subsequently resultied in the websocket, waf and clientssl profile to be removed, allowed the connection to work. The wss:// call, not ws://.
Because this was a WSS or WebSocket Secure call, the server was expecting a TLS session, and our configuration was doing TLS offloading at the f5, and sending the traffic plain text to the server. Why the application generated an "ERR_TRUNCATE_HEADERS" message is purely speculation at this point, but i suspect it was because the headers were all encrypted and thus exceeded the maximum for the application.
I would normally expect to see 400 errors with HTTP, so the backend encryption wasnt jumping out at me sooner.
Im glad that we could resolve this matter, and please let myself and f5 know if there is anything else we can do to assist you in the future.
Cheers
Mike
Thank you Mike, Bu and all F5 Team for your help. It was very hard to find a solution because we do not know the application behaviour.
Best Regards,
P.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com