How to prove non-http traffic?
Hello Folks, Customer has approximately 80 HTTP/HTTPs Virtual servers configured on his BIG-IP appliance, and it is showing the following log message under LTM log. http_process_state_prepend - Invalid action EV_INGRESS_DATA during ST_HTTP_PREPEND_HEADERS By looking into Dev-central and AskF5, I got to know that such message may appear if your HTTP VS are receiving response that includes a Content-Length header indicating a smaller value than the length of the data in the response. or Another common cause of this error message is an extra HTTP 100 Continue message, which may be included in a POST response by Microsoft Internet Information Services (IIS) version 6.0. However, is there a way to prove which VS is particularly receiving non standard traffic? Except TCPDUMP, because capturing traffic on all the VS will generate plenty of logs. Or if there is a way to use intelligent iRule to capture non-standard traffic? Cheers! Darshan