Apache httpd server doesn't accept GET HTTP request from F5 load balancer
Instead of HTTP methods (which is the first thing a HTTP client will send), you are getting strings starting with \x16, which is the start of a TLS handshake.
This means that your client is trying to use HTTPS to speak to a HTTP server. Just starting a server on port 443 doesn't make it HTTPS. The quick way to confirm this is probably to change a url such as https://foo to http://foo:443
Related videos on Youtube
01 : 01 : 25
06 : 07
11 : 13
12 : 12
52 : 17
15 : 12
14 : 49
vasppla
Updated on June 04, 2022Comments
-
vasppla almost 2 years
We are currently bringing reverse proxy solution between internet and application server. I have completed the simple reverse proxy setup and I am successfully able to reach application server from reverse proxy. But when I try to perform a health check from F5 to reverse proxy, it fails and there are no errors in the error_log except the following in access_log
XX.XXX.XX.X - - [07/Feb/2020:15:33:27 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:28 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:32 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:33 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:37 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:38 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:42 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:43 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:47 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:48 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:52 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:53 -0700] "\x16\x03\x01" 400 226 "-" "-" -
vasppla about 4 yearsHi Evert, thanks for your quick response. So you are suggesting to change the URL at F5 host to
http://foo:443? Also, for successful F5 HTTPS request to Apache, should I enable SSL/TLS? -
Namrata Das about 4 yearsThe question is, do you care about the traffic between your F5 instance and apache to be encrypted. If it's all local traffic, maybe it's not important and you should just switch tohttp. -
vasppla about 4 yearsThat makes perfect sense! I will check with my IT guy to see if it has to be encrypted but if it is not, then can I still use port 443 or recommended to change 80?
-
Namrata Das about 4 yearsSwitching to port 80 is the least surprising thing to do. If you're running on port 443 I expect a HTTPS server, not a HTTP server.
-
vasppla about 4 yearsOk thanks! If it needs to be encrypted that leads me to enable SSL handshake between F5 and apache.
-
vasppla about 4 yearsI had also few other questions on the configurations above, would you mind to help me with that as well as I am new to setting up apache httpd server.
The above proxy pass is only to redirect the test.html page but the above configuration may not work with original full context (for eg. http://application_ip/soa/test/test.html). In this case, how do I redirect with single configuration, Does Rewrite be helpful 4.What does the above message from access_log mean 5.Is there anything else am I missing here to have successful F5 health check -
vasppla about 4 yearsIt would be good if you can point me to a best link which will help me setup Apache with SSL enabled.
-
Namrata Das about 4 years@vsellapp, I don't give free consulting, I just enjoy answering questions here. If you have more questions, open more stackoverflow questions.