Regarding http vip

Question

Dear All, &nbsp;
We are seeing an issue where when directly hitting the server the application working fine but when going via vip the request fails. I checked on tcpdump and found that for httpget request via vip we were seeing 401 in response header. The vip is standard vip, http type. So it can be possible that f5 does http inspection and when getting response 401 it is dropping connection. While when directly hitting the application server since source is browser the it may be ignoring the 401 code. Please suggest. &nbsp;
Thanks for your help in advance. &nbsp;
Thanks &nbsp;

brad_parker_139 · Answer

No, the LTM should send the 401 response back to the client provided the VIP is up. Do you have a monitor on the pool possibly marking the pool down because of the 401? Can you share your pcap?

brad_parker · Answer

No, the LTM should send the 401 response back to the client provided the VIP is up. Do you have a monitor on the pool possibly marking the pool down because of the 401? Can you share your pcap?

amit585731 · Answer

Hi Brad,

Thanks for response. The VIP is up not sure why users are getting page not available. One thing I noticed that the application using auth header i.e. basic realm, OAuth etc. When they are directly hitting the pool member we are seeing OAuth as the URL of backend application to which pool member is pointing. But when going via VIP, in OAuth header we are seeing VIP URL. So is this something needed to be checked? Do OAuth needs to be same at pool member and backend. Please suggest.

I will collect the wireshark and try to paste here.

Thanks.

amit585731 · Answer

Hi Brad,

Thanks for response. The VIP is up not sure why users are getting page not available. One thing I noticed that the application using auth header i.e. basic realm, OAuth etc. When they are directly hitting the pool member we are seeing OAuth as the URL of backend application to which pool member is pointing. But when going via VIP, in OAuth header we are seeing VIP URL. So is this something needed to be checked? Do OAuth needs to be same at pool member and backend. Please suggest.

I will collect the wireshark and try to paste here.

Thanks.

Forum Discussion

Regarding http vip

4 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Query Regarding extramb

Question & Answer: Regarding CVE-2020-5902

VIP-targeting-VIP solution using Standard and performance L4 VS

Lightboard Lessons: Vip Targeting Vip

Will a port specific VIP override an ANY VIP?