Is Netfilter the correct tool for filtering out problem packets

Hello,
We have the following problem:
Our WebApplication occasionally sends 1 Byte packets, containing just a
"v", as part of the response to an http request.
Unfortunately our load balancer (F5 BigIP) reacts to this unexpected "v"
by closing the http1.1 Pipes, and the user sees an error message
(generated by the apache Webservers that sit in front of the BigIP).
Naturally we are trying to stop the application generating these
problematic "v"s (which it should only use to communicate between its
own processes across the 6 Application servers), but in the meantime we
thought that we could perhaps filter them out, before the BigIP sees
them.

So the question.
 Is NetFilter the right place to do this filtering ???

Rule would have to be something like:
If Destination is BigIP
   and PacketSize = 1 Byte
     and PacketContent is a "v"
then dump the packet.
The whole communication is done in https, if that makes any difference.

                                              <-"v"
 ---------    -------    --------    -------    ------------
| Browser |->| Load  |->| Apache |->| Load  |->|Application |
|         |  | Bal 1 |  | x 2    |  | Bal 2 |  |(Linux x 6) |
 ---------    -------    --------    -------    ------------   

Thanks in anticipation
Stuart
------------------------------------------
 BMW Group
 Stuart Flowers
 TG-40
 Telefon: +49-89-382-28572
 Fax: +49-89-382-49166
 mailto: Stuart.Flowers@xxxxxx
 Url: http://www.bmwgroup.com
------------------------------------------ 
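
The three conditions of the rule sketched in the message above, written out as an added example (not part of the original post, and not Netfilter code): a classifier that parses an IPv4/TCP packet and tests destination, payload size and payload content. Assumptions: `BIGIP_ADDR` is a placeholder address, `build_packet` is a hypothetical helper that constructs sample packets, and the payload is readable in cleartext at the point where the check runs.

```python
import socket
import struct

BIGIP_ADDR = "192.0.2.10"  # assumption: placeholder load balancer address (TEST-NET-1)

def tcp_payload(packet: bytes):
    """Return (dst_ip, payload) for an IPv4/TCP packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]   # IP total length field
    if packet[9] != socket.IPPROTO_TCP:
        return None
    if ihl < 20 or total_len < ihl + 20 or total_len > len(packet):
        return None
    data_off = (packet[ihl + 12] >> 4) * 4            # TCP header length incl. options
    if data_off < 20 or ihl + data_off > total_len:
        return None
    # Slice by the IP total length so link-layer padding is not counted as payload.
    return socket.inet_ntoa(packet[16:20]), packet[ihl + data_off:total_len]

def is_problem_packet(packet: bytes, bigip: str = BIGIP_ADDR) -> bool:
    """Destination is the BigIP, payload is exactly 1 byte, and that byte is 'v'."""
    parsed = tcp_payload(packet)
    if parsed is None:
        return False
    dst, payload = parsed
    return dst == bigip and payload == b"v"

def build_packet(dst: str, payload: bytes, tcp_options: bytes = b"") -> bytes:
    """Constructed sample packet (checksums left at 0; options must be a multiple of 4)."""
    tcp_len = 20 + len(tcp_options)
    tcp = struct.pack("!HHIIBBHHH", 8080, 40000, 1, 1,
                      (tcp_len // 4) << 4, 0x18, 65535, 0, 0) + tcp_options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len + len(payload),
                     0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton("192.0.2.21"), socket.inet_aton(dst))
    return ip + tcp + payload
```

The 1-byte test has to be made on the TCP payload rather than on the packet length, because header options change the total size. A dropped TCP segment is retransmitted by the sender, so a match identifies the segment rather than removing the byte from the stream.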


