Disable "Connection: close" effect in server response

Youssef_Ghorba1 · ‎23-Jan-2020

Hello,

I have a faulty application that mistakenly sending "Connection: close" on specific HTTP 1.1 requests.

LTM, upon receiving the "Connection: close" response from the server tears down the server side TCP session (sends FIN packet, etc)

In order to disable this behaviour, I came up with this iRule that removes the Connection header for identified requests :

when HTTP_REQUEST {
  # any condition to identify the request. HEAD here is for testing
  if { [HTTP::method] eq "HEAD" } {
    set hack_response_headers 1
  } else {
    set hack_response_headers 0
  }
}

when HTTP_RESPONSE {
    if { $hack_response_headers == 1 }{
        HTTP::header remove "Connection"
    } 
}

This iRule does what's intended and the client does no more receives the "Connection: close". Nevertheless, LTM still tears down the server side TCP session anyway, as if LTM handles the "Connection: close" before any iRule processing.

In there any way to completely disable the "Connection: close" effect on LTM when received on server side response ?

Youssef

Philippe_CLOUP · ‎25-Jan-2020

Hi Youssef,

you can use OneConnect to better manage serverside connections, differently than Clientside, and it will also help improve the performance of the backend system, as it will multiplex requests/responses into few TCP connections.

Youssef_Ghorba1 · ‎25-Jan-2020

Thank you for taking the time to answer this question. Indeed OneConnect can help. But it adds other side effect with this faulty app (especially when coupled with SNAT)

I was really surprised/disappointed that the "decision" to close the server side connection (based on the Connection: close header) was made before any iRule was processed. I was expecting some hook allowing me to patch the response as it arrives on LTM.

DevCentral

Disable "Connection: close" effect in server response