Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Sending web socket traffic to different pool

tk83
Nimbostratus
Nimbostratus

‎05-May-2021 13:54 - last edited on ‎04-Jun-2023 20:55 by Fog

We have a F5 sitting in front of an AWS API Gateway being used for WAF. A developer wants to start accepting web socket traffic but needs to send this web socket traffic to a different api gateway than the normal https traffic. I wrote an irule that should send the request to the other web socket specific pool but I'm not sure if I'm missing something because the web socket specific aws api gateway just keeps returning a 403 when I send traffic to it. The web socket specific api gateway has a different FQDN so I have to replace the host header. I'm not sure if this is what's screwing it up.

I have this as my irule:

when HTTP_REQUEST {
  if {[HTTP::header value "Upgrade] equals "websocket"} {
      HTTP::header replace Host "ws-apigw.fqdn.com"
      pool ws-pool
     }
  else {
      pool https-pool
       }
}

Anyone know what I'm doing wrong?

Labels:
0 Kudos
1 REPLY 1

SanjayP
MVP
MVP

‎07-May-2021 02:25

If you are modifying the HOST header as expected by WS gateway, then iRule is okay. Please have a look at the below article

 

https://support.f5.com/csp/article/K25531068

 

  • This could be the issue with the backend pool member not accepting WS requests.
  • Origin header is required at backend pool member and it's not being sent by the client.

 

Please troubleshoot this along with the team managing websocket gateway

0 Kudos
Copyright © 2023 Khoros, LLC