Forum Discussion
A 403 is distinctly different than a 401 in that it is the server saying, simply, it won't service the request. It is not indicating there was failed authentication, as a 401 would do. And for it only fail 15% of the time would not lead me to believe the issue is persistence on the F5.
Take a packet capture on the F5 of a specific session, this will give you a better idea what is going on, and give you the ammo you need to fire back at the app folks.
- bohm_192937Nov 11, 2016Nimbostratus
Thanks, but this will take some time because we are not able to reproduce it but see it happening in the logs and hear people complain sometimes. But I'll give it a shot.
Well in the apache logs I see some 403 POST errors while the client remains on the same server according to the apache logs, but also 403 POST errors where a session flips from 1 server to an other. This is something I'm not able to explain regarding cookie session persistence. What is the criteria F5 uses to determine a http session?
- ekaleidoNov 11, 2016Cirrus
Session cookies could potentially cause a problem depending on timeout values and user response times, maybe. You'd also want to verify via capture that the cookies you'e setting are being sent with the POST. It's not super common, I guess, but I've seen weird apps strip cookies out when the method changes.