Forum Discussion
hooleylist
Jan 19, 2012Cirrostratus
1)When thought about this logically you shouldnt be able to analyze a http request exeeding the maximum header size allowed using an iRule, when maximum http header size is exeeded F5 simply drop that request and send a RST to the client.
That's correct. You need to temporarily increase the HTTP profile setting for max headers size so that TMM will accept the HTTP request and trigger the HTTP_REQUEST event. The setting for triggering the iRule needs to be lower than the max headers size in the HTTP profile.
2)Not able to analyze such requests using an irule. because if F5 has the capablity of analyzing HTTP requests exeeding the maximum header size, whats the point of defining a maximum header size in the first place.
See above.
Would like to check with you on the traffic flow in F5,
1)when traffic reach F5, it will checked by iRule.
2) iRule will do necessary iRule check. reject/forwarding if specified in iRule.
3)Traffic reaches Virtual Server which associate with HTTP profile.
4) HTTP profile will then check on the HTTP header size and it will decide allow or send RST to client.
That's not completely accurate. The order is:
TMM receives an HTTP request
TMM determines the size of the HTTP headers
If the size of the headers is less than the max headers size from the HTTP profile, the HTTP_REQUEST event is triggered
The iRule logic from HTTP_REQUEST is triggered.
If the size of the headers is greater than the max headers size from the HTTP profile, the HTTP_REQUEST event is not triggered and TMM resets the client's TCP connection.
Aaron