Hi Ken,
That's an interesting one... I don't have an answer for you, but a couple of ideas / troubleshooting tips to hopefully help you further;
- I see that you are looking for paths that "contains" /api. Is there any chance that some of the out-of-scope requests contain /api somewhere else in their API path?
- Alternatively, if all requests start with /api, can you switch the policy to "starts_with"?
- Can you find out which Virtual Server is processing the 404 errors? You can have a look at the HTTP headers of the responses to see which server it came from (old backend server, new backend server or F5)
- Alternatively, have a look in the VS statistics, under Statistics ›› Module Statistics : Local Traffic ›› Virtual Servers : <vs-name>, select the HTTP profile, and check under Responses - Client Errors (these should include the 400-errors)
- In your LTP (or in a new LTP), you can match on any 404 response, then log some details about it. That may also give you an indication of any pattern that may be to them.
Hope any of these are useful ;)
Nimbostratus
