HTTP deny access troubeshooting
Hi, I just created one-armed setup for some testing in existing network topology. Scenario (Standalone VE 11.6): 1. All resources on let's say on 192.168.1.0/24, VLAN external, selfIP 192.168.1.10 2. Standard HTTP VS, http profile, SNAT Automap, no persistence, no other changes to defaults, VIP 192.168.1.20 3. Target server 192.168.1.100 (in fact its load balancer based on hproxy, application servers behind) 4. Pool with one member 192.168.1.100:80 5. Node with def icmp reporting status up 6. Pool member with def http reporting status up 7. Every piece displaying green dot status 8. Client PC with 192.168.1.200
Effect: 1. PC can access correct page with http://192.168.1.100 - direct connection to server 2. curl on VE can access http://192.168.1.100 - correct page returned 3. PC with http://192.168.1.20 is getting access denied page from the server
I would suspect some blocking set for seflIP address (source IP for packets because of Automap) but then curl should get the same error page (curl is as well using selfIP as source IP). Request are reaching server and correctly coming back to VE, but instead normal page, error page is displayed (not authorized to access this content or something similar).
I am puzzled, what can cause error page when accessing server via VS? Is there something obvious I should check? What steps/tools will be most appropriate to troubleshoot this issue?
Piotr