Forum Discussion

Tom_K_185554's avatar
Tom_K_185554
Icon for Nimbostratus rankNimbostratus
Jan 08, 2018

why do connections stop working when http profile is added to virtual server

Hello I found this description that has a nice diagram and explanation https://devcentral.f5.com/questions/requests-are-not-being-passed-from-virtual-server-to-the-pool-member

 

but at the end it concludes that the traffic that stopped working was not likely http traffic. We had a situation where we have 2 virtual servers listening on ports 80 and 443 and pointing to back end servers listening on ports 80 and 443 respectively. No ssl profiles and no irules and no http profile. We temporarily added an maintenance page irule that required a http profile so we used the f5 default. We removed the irule but forgot to set the http profile back to none and traffic would not go through. Could someone please explain why leaving the http profile in place would block traffic from getting through.

 

application delivery
LTM

1 Reply

Sort By
  • crodriguez's avatar
    crodriguez
    Ret. Employee
    Jan 08, 2018

    The port 443 virtual would have failed if all it had was an HTTP profile but no client SSL profile. The BIG-IP system can't process the HTTP payload at layer 7 (which is what the HTTP profile tells it to do) if the payload is encrypted - hence the need for a client SSL profile to decrypt it first.

     

    The port 80 virtual server should not fail with an HTTP profile, unless the traffic was not HTTP. Having an HTTP profile on this virtual does not matter except from a performance perspective. In other words, if you do not need to process the HTTP payload at L7 (as would be the case if you had an associated iRule that sent an HTTP response), then the HTTP profile is unnecessary. But it should not prevent the virtual server from working.