http 1.1
7 TopicsLTM OneConnect Profile for short API http request
We have some client using API calls to our servers and they are short live request, these web servers are not browsable they just serve API. We have notice request rate is very high which i am seeing 900 TLS almost and i have notice our Web (apache) getting timeout sometime because of very high connection rate on webserver on netstat i am seeing thousands of TIME_WAIT so definitely my server running out of resources even server CPU load is 1% or 2% We are thinking to use OneConnect Profile but not sure its going to benefit us or not and how? I read about OneConnect profile but i am little confused and need some advice how we should utilize it. Question: If we use OneConnect does that means it will open only few connection to server right? We are using Auto Map SNAT so what will be impact on OneConnect Profile also we are using XFF feature to extract client IP. What if we disable HTTP 1.1 on apache webserver which will close connection faster in that case how does OneConnect profile behave? for test i have enabled oneconnect profile on our Dev LTM and send some http request from multiple but i am seeing its opening individual connect to server and not bundle them in single connection (We are using Mask 0.0.0.0) is that how openconnect works?294Views0likes2CommentsDifferentiating the connections based on headers || HTTP Profile
Hi, I have a scenario wherein the app team wants to publish an application both to external and internal (intranet). However, the requirement from them is to check on BIG IP to leverage HTTP profile (or iRule) to segregate between external and internal users. They want to have something like http profile = abc.com_external implies external user http profile = abc.com_internal implies internal user Now, below is the traffic flow for both scenarios, External End user >>> External BIGIP >>> Internal BIGIP >>> Backend Servers Internal End user >>>> Internal BIGIP >>> Backend Servers So, the only difference basically is that for external connections the internal BIGIP would see the source as the external BIGIP. Now, my approach is if we can insert something in the header on external BIGIP and monitor for it on the internal BIGIP then we could differentiate between external and internal users. Internal connections would be parsed as normal. Therefore, at the app level on backend servers they could differentiate between external connections by monitoring the newly added header. Not sure if this could be achievable but would be great if you could provide some help and thoughts. Br, MSK251Views0likes1Commentirule to rewrite header but respond with 200
Hi All, Im trying to setup an irule (and struggling :-)) that will perform the following. Upon accessing a site, the request will be rewritten to essentially send the client elsewhere, however rather than providing a 301/302 redirect I need a 200 response to be sent to the client for the initial request. For example once this rule is setup, a request for a page www.test.com/p/content/ will result in a 200 response for the user. This will work using the URL handling rule sending requests ahead without generating a response to the user and the 200 response coming from www.test.com. the irule below seems to direct the user correctly but I cant seem to force the 200 response When HTTP_REQUEST { if { [HTTP::host] contains "www.test." and [HTTP::uri] starts_with "/p/" } { HTTP::header replace Host "www.test.com" } }897Views0likes7CommentsLTM HTTP Monitor Send and Receive syntax
Hi, I'm trying to configure a monitor that will check if a website is up on a Linux server. My Send string is GET /dms/loginForm.jpg HTTP/1.1\r\nHost:7270 \r\nConnection: close\r\n\r\n and if i leave the receive string blank it works and if I set the receive string to 200 OK it works, even though on of the sites is down. See below. [Joseph.Johnson@US-MABILLDC-INTLTM-02:Active:Changes Pending] ~ curl -vk http://10.202.10.169:7270/dms/loginForm.jsp About to connect() to 10.202.10.169 port 7270 (0) Trying 10.202.10.169... connected Connected to 10.202.10.169 (10.202.10.169) port 7270 (0) GET /dms/loginForm.jsp HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1j zlib/1.2.3 libidn/0.6.5 Host: 10.202.10.169:7270 Accept: / < HTTP/1.1 200 OK < Cache-Control: no-cache < Date: Thu, 10 Aug 2017 20:00:03 GMT < Pragma: no-cache < Content-Length: 2824 < Content-Type: text/html; charset=UTF-8 < Expires: Thu, 01 Jan 1970 00:00:00 GMT < X-ORACLE-DMS-ECID: dc812bacc6eaa1df:-521687cc:15dcd4a6325:-8000-0000000000000163 < Set-Cookie: JSESSIONID=zarNu3_3TyGdblWUPx-DjF7ACO-t3xgVoiK9zVVT3zGdcvNJXN1U!-1852036927; path=/; HttpOnly [Joseph.Johnson@US-MABILLDC-INTLTM-02:Active:Changes Pending] ~ curl -vk http://10.202.10.70:7270/dms/loginForm.jsp * About to connect() to 10.202.10.70 port 7270 (0) * Trying 10.202.10.70... Connection refused * couldn't connect to host * Closing connection 0 curl: (7) couldn't connect to host Why is it that even with no connection made, the monitor is still marking the pool member as up when i set the receive string to 200 OK and is there anything i should change with it? Thanks in advance!535Views0likes4CommentsHTTPS monitors not getting the members up
In one scenario, I am asked to create two VIPs, which point to the same backend servers and same port i.e 443, just that they are used for different applications. So, I was suggested to create two pools, with the same set of pool-members(server IP:port) just that two separate HTTPS monitors. The two monitors were also identical, however in the GET string used in 'send' field, they were using different HOSTs. Now, out of the two pools, one is UP and the other is NOT... what can be the issue? Pool A Monitor send string "GET /health/prospect HTTP/1.1\r\nHost: a.xyz.com.au\r\nConnection: Close\r\n\r\n" Pool B Monitor send string "GET /health HTTP/1.1\r\nHost: b.xyz.com\r\nConnection: Close\r\n\r\n"201Views0likes2Comments