22-May-2019 07:32
Hello,
I have a layer 4 VS on F5. I have set the FastL4 profile and the HTTP profile as below:
ltm profile http HTTP_XforF {
    accept-xff disabled
    app-service none
    defaults-from http
    encrypt-cookies none
    enforcement {
        max-header-count 64
        max-header-size 32768
        max-requests 0
        pipeline allow
        unknown-method allow
    }
    fallback-host none
    fallback-status-codes none
    header-erase none
    header-insert none
    insert-xforwarded-for enabled
    lws-separator none
    lws-width 80
    oneconnect-transformations enabled
    proxy-type reverse
    redirect-rewrite all
    request-chunking preserve
    response-chunking selective
    response-headers-permitted none
    via-request preserve
    via-response preserve
    xff-alternative-names none
}
Additionally, I have 2 iRules connected:
when HTTP_REQUEST {
    HTTP::header insert x-forwarded-host [HTTP::host]
}
when HTTP_REQUEST {
    HTTP::header insert x-forwarded-proto "https"
}
The VS listens on port 443. The certificate is on the server for F5. When you try to call a host, the site is unreachable; only after a few re-invitations does the site enrol the certificate and everything starts working.
When I omit F5 in communication, everything works without a problem. F5 is transparent in this case and should not cause a problem. What could be the cause of the problem?