cancel
Showing results for 
Search instead for 
Did you mean: 

Sending web socket traffic to different pool

tk83
Nimbostratus
Nimbostratus

We have a F5 sitting in front of an AWS API Gateway being used for WAF. A developer wants to start accepting web socket traffic but needs to send this web socket traffic to a different api gateway than the normal https traffic. I wrote an irule that should send the request to the other web socket specific pool but I'm not sure if I'm missing something because the web socket specific aws api gateway just keeps returning a 403 when I send traffic to it. The web socket specific api gateway has a different FQDN so I have to replace the host header. I'm not sure if this is what's screwing it up.

 

I have this as my irule:

when HTTP_REQUEST { if {[HTTP::header value "Upgrade] equals "websocket"} { HTTP::header replace Host "ws-apigw.fqdn.com" pool ws-pool } else { pool https-pool } }

 

Anyone know what I'm doing wrong?

1 REPLY 1

SanjayP
MVP
MVP

If you are modifying the HOST header as expected by WS gateway, then iRule is okay. Please have a look at the below article

 

https://support.f5.com/csp/article/K25531068

 

  • This could be the issue with the backend pool member not accepting WS requests.
  • Origin header is required at backend pool member and it's not being sent by the client.

 

Please troubleshoot this along with the team managing websocket gateway