cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Disable "Connection: close" effect in server response

Youssef_Ghorba1
Altostratus
Altostratus

Hello,

 

I have a faulty application that mistakenly sending "Connection: close" on specific HTTP 1.1 requests.

LTM, upon receiving the "Connection: close" response from the server tears down the server side TCP session (sends FIN packet, etc)

In order to disable this behaviour, I came up with this iRule that removes the Connection header for identified requests :

 

when HTTP_REQUEST {   # any condition to identify the request. HEAD here is for testing   if { [HTTP::method] eq "HEAD" } {     set hack_response_headers 1   } else {     set hack_response_headers 0   } } when HTTP_RESPONSE {     if { $hack_response_headers == 1 }{         HTTP::header remove "Connection"     }  }

 

This iRule does what's intended and the client does no more receives the "Connection: close". Nevertheless, LTM still tears down the server side TCP session anyway, as if LTM handles the "Connection: close" before any iRule processing.

 

In there any way to completely disable the "Connection: close" effect on LTM when received on server side response ?

 

Youssef

2 REPLIES 2

Philippe_CLOUP
F5 Employee
F5 Employee

Hi Youssef,

you can use OneConnect to better manage serverside connections, differently than Clientside, and it will also help improve the performance of the backend system, as it will multiplex requests/responses into few TCP connections.

Youssef_Ghorba1
Altostratus
Altostratus

Thank you for taking the time to answer this question. Indeed OneConnect can help. But it adds other side effect with this faulty app (especially when coupled with SNAT)

I was really surprised/disappointed that the "decision" to close the server side connection (based on the Connection: close header) was made before any iRule was processed. I was expecting some hook allowing me to patch the response as it arrives on LTM.