clientless mode making issue

Question

we have published web-service application under one VIP which clientless mode "1" irule using and mapped the default pool member,its working fine as expected in browser as well as soap tool.&nbsp;
We tried to add one more application in the same vip,ie external single domain [https://sanjai.split.com/] and internal 2 different doamin http://abd.com/ws and http://kdm.com/ed&nbsp;
We used clienless mode plus additional irule by uri contains "/ws" goto pool member1 and /ed to pool member2 and rewrite to internal domain also. but its resetting the connection in the handshake.&nbsp;
Could you anyone assistance on this&nbsp;

kai_wilke · Answer

Hi Sanjai,
I'd like to recommend to temporary rule out APM (e.g. via ACCESS::disable for a specific Client IP) to see if your LTM is already able to route the request correctly. 
If you're required to switch pools/nodes based on the provided URI you have to apply a OneConnect Profile (recommended) or LB::detach the connection before each node selection (not optimal) to allow LTM to switch the server side connections as needed.
If this is working stable and the request are able to pass to every single web application, then you should reenable APM and tweak the SSO profiles as needed. Keep in mind, that in combination with OneConnect you're limited to NTLM, Basic, Forms SSO or something homegrown that doesn't require a Session_based-Authentication. If NTLM is used, then you have to attach a NTLM profile to allow LTM to reuse idle OneConnect connections on a per-user basis.
Cheers, Kai

stanislas_piro2 · Answer

Hi,&nbsp;
Is your SOAP request greater than 64K?&nbsp;
The clientless mod limit request size to 64K during authentication, this limit can be change since version 11.5&nbsp;

Forum Discussion

clientless mode making issue

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

Related Content

APM Clientless certificate authentication

Making EKS Anywhere Highly Available and Secure

Regex issue

How to make DNS resolutions in an HTTP request event work FOR you, not against you

Re: Zero Trust - Making use of a powerfull Identity Aware Proxy (Hands on lab)