Inquiry regarding connection delay after IP change on customer's web server

Question

hello. My name is Muntae Kim.A customer inquired about delays occurring after changing the IP of the web server. We tried the previously resolved method, but it was ineffective, so we are writing a post and asking for your confirmation.
Product Name: BIG-IP i15800Module name used: DDoSVersion information: BIG-IP 16.1.4.1 Build 0.50.5 Engineering HotfixHW information: 
[Issues]1. Additional inquiries regarding delays when connecting to the internal web server for the first time- Recently, the [www.cafe24.com] server and the [ec.cafe24.com] server were merged with the same IP, so the existing Virtual Server rules were set to be used together.- The structure used before is the same, but only the IP has changed.- Problem solved by changing to Generate After Access on October 5, 2021- Security ›› Bot Defense: This was resolved by changing www-cafe24-bot profile -&gt; Browsers -&gt; Device ID Mode to Generate [Before] Access → Generate [After] Access in Bot Defense Profiles, but this time, another cause occurred. Delays are expected to occur due to- The following is the weblog of the [webserver] server in the LVS - webserver structure.
[www.cafe24.com] 121.171.250.49 - - [11/Jan/2024:15:13:47 +0900] "GET /TSPD/0853a021f8ab20008da153a52cba459997d15822279f2d1721f4f32c1ecb7be8b971b217ea8951b6?type=9HTTP/1.1" 302 215 "https://www.cafe24.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "0.007"
[www.cafe24.com] 124.52.72.126 - - [11/Jan/2024:15:27:40 +0900] "GET /TSPD/?type=18 HTTP/1.1" 302 215 "https://www.cafe24.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "0.003"
[inquiry]1. Is the TSPD/xxx request part of the request that is assumed to be from F5 to the backend? If so, it is assumed that a 302 is displayed and there is a delay. Please check if the scenario I am expecting is correct.2. Please check if there are any settings or options to control GET /TSPD/* related requests from F5 to the backend.3. If you disable the currently used Bot Defense profile -&gt; Browsers -&gt; Device ID Mode to None in Generate After Access, please check how much the defense rate will drop by dividing it into DDoS defense and GET/DOS.
If you have additional information needed to resolve the issue, please reply.
thank you
&nbsp;

boneyard · Answer

Please be aware this is a public forum and not the way to officially and private contact F5 support, so be care with the details you share. If you have a support contract be sure to also contact F5 support: https://my.f5.com/manage/s/article/K000135931
You can have a look if you can disable the feature and see if that helps, just to rule it out https://community.f5.com/t5/technical-forum/requests-initiated-by-tspd-directory-with-error/td-p/296378

Forum Discussion

Inquiry regarding connection delay after IP change on customer's web server

1 Reply

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Query Regarding extramb

query regarding connection issues to a particular node in a pool

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

custom response page for api

Question & Answer: Regarding CVE-2020-5902