Workaround for invalid 304 content-length

Question

Hi,
In a migration towards the BigIP, I encounter a problem with http-304 responses. In the http-header there is a "Content-Length" header with a value greater than 0. The http-rfc clearly states that a 304 MUST NOT have a body, therefore a content-length is also invalid. The effect of this content-length-header is that the BigIP is waiting for the amount of data that the header is announcing. Only after the server terminates the connection the BigIP will send the 304-response back to the client. This is an unacceptable delay.
The problem will be fixed on the http-server, but in the meantime I would like to build an iRule as a temporary workaround.
I have tried many things already and only the following iRule is working:
when HTTP_RESPONSE {
   if {([HTTP::status] == 304) &amp;&amp; [HTTP::header exists Content-Length]} {
      log local0. "304 found with content-length" 
      HTTP::respond 304
      HTTP::disable
   }
}
But the HTTP::disable disables HTTP-parsing for subsequent http-requests in the TCP-session (OneConnect is enabled also on this virtual). If I do a 'HTTP::header replace "Content-Length" "0"' the header is altered towards the client, but I guess there is still an internal variable that is holding the content-length value, so the BigIP will still try to collect that amount of data from the http-response and this will result in the timeout on the server and the delay towards the client.
Is there a way to change this internal variable? Or is there another way the stop the BigIP from waiting on this (nonexisting) content?
Cheers,    Sake

colin_walker_12 · Answer

Have you tried using HTTP::release? Click here&nbsp;
&nbsp;-Colin

sake_blok · Answer

Hi Colin,&nbsp;
&nbsp;Yes, I did try "HTTP::release", as well as "HTTP::collect 0". The first did not help, the BigIP still waited for the announced amount of data. The second gave an error, the parameter needs to be greater than 0.&nbsp;
&nbsp;I have a case for this issue also (C260102), there seem to be some CR's, but unfortunately it seems our configuration (on 9.1.1) is still vulnerable. It also looks like this is not fixed in later releases, hence the iRule-workaround...&nbsp;
&nbsp;So far, the only thing that stops the BigIP from waiting for the content that neven comes is "HTTP::disable", but I'm afraid that'll break other stuff.&nbsp;&nbsp;
&nbsp;Cheers,  Sake

bl0ndie_127134 · Answer

Unfortunately the only work around (at the moment) is to do a 'TCP::collect' and replace the data at the TCP layer on the server response. We have seen applications (Sharepoint) that do send data on a 304 response. There should be examples of 'TCP::collect' and 'TCP::payload replace' in the forum.

sake_blok · Answer

Hi Bl0ndie, Uhmm... this application does not send data on the 304, it only adds a "Content-Length" header *as if* it is going to send data. I don't think a TCP::collect will accept a "0" as parameter. But tomorrow I will be on site, I might give it a shot.&nbsp;
&nbsp;IMHO the only way to solve this issue is to tell the BigIP that there is no data to collect. That way it will not enter the HTTP::collect or TCP::collect that happens between the HTTP_RESPONSE and the HTTP_RESPONSE_DATE (please correct me if my interpretation of how iRules work is incorrect). I'm just not sure if this is possible, and if it is how it can be done...&nbsp;&nbsp;
&nbsp;Cheers,   Sake

bl0ndie_127134 · Answer

Give this a try ...
when SERVER_CONNECTED {
   TCP::collect 12
}
when HTTP_REQUEST_SEND {
   set response_pending 1
   TCP::collect 12
}
when SERVER_DATA {
   if {$response_pending == 1} {
       Check for 304 response
      if {[TCP::payload] starts_with "HTTP/1.1 304"} {
          set index [string first "Content-Length" [TCP::payload]]
           Check if header is found
          if {$index != -1} {
             TCP::payload replace $index 2 "X-"
          }
          elseif {[string first "

" [TCP::payload]] == -1} {
              Dont have the end of header. Collect more.
             TCP::collect
             return
         }
    }
    set response_pending 0
}

Forum Discussion

Workaround for invalid 304 content-length

8 Replies

Recent Discussions

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Related Content

Access Logs - Invalid Tenant

err tmm1[24399]: 011f0007:3: http_process_state_prepend - Invalid action:0x107041 clientside

APM AD authentication case-sensitivity workaround

Node.js HTTP Message Body: Transfer-Encoding and Content-Length in LineRate lrs/virtualServer Module

Health monitor with login check and content length