Forum Discussion

tk83's avatar
tk83
Icon for Nimbostratus rankNimbostratus
May 05, 2021

Sending web socket traffic to different pool

We have a F5 sitting in front of an AWS API Gateway being used for WAF. A developer wants to start accepting web socket traffic but needs to send this web socket traffic to a different api gateway than the normal https traffic. I wrote an irule that should send the request to the other web socket specific pool but I'm not sure if I'm missing something because the web socket specific aws api gateway just keeps returning a 403 when I send traffic to it. The web socket specific api gateway has a different FQDN so I have to replace the host header. I'm not sure if this is what's screwing it up.

I have this as my irule:

when HTTP_REQUEST {
  if {[HTTP::header value "Upgrade] equals "websocket"} {
      HTTP::header replace Host "ws-apigw.fqdn.com"
      pool ws-pool
     }
  else {
      pool https-pool
       }
}    

Anyone know what I'm doing wrong?

1 Reply

  • If you are modifying the HOST header as expected by WS gateway, then iRule is okay. Please have a look at the below article

     

    https://support.f5.com/csp/article/K25531068

     

    • This could be the issue with the backend pool member not accepting WS requests.
    • Origin header is required at backend pool member and it's not being sent by the client.

     

    Please troubleshoot this along with the team managing websocket gateway