Content Switch responses with 404 instead of 503 if LB vServer is down

[Nils Liebherr]

We have a content switch with two content switching policies and a default LB vserver.

From this article I understand that the netscaler should send a HTTP 503 if the vserver from a CS policy is down:
https://support.citrix.com/article/CTX236551/http-503-error-when-accessing-content-swtich-vserver

But that's not the case! Instead, the traffic which matches the policy where the  referenced LB vserver is down, is passed to the default LB vserver which results in a 404 and not 503.

Any idea why this happens?

[Morten Kallesøe]

the lbvserver should not be able to reply 404, if its down.

 

404 is a vaild reponse, and indicates that something is doing an reply.

[Jeff Riechers]

503 is if the web server is responding, but services within that server are not working.

404 is if the web server is not responding at all, or if the page requested is not there.

[Nils Liebherr]

I think I'll explain a bit more in detail:

Content Switch VS:
- CS Policy: HTTP.REQ.URL.STARTSWITH("/aaa/") -> LB vServer "lb_vs_A" with Service Group "svc_grp_A"containing server_a:15443 & server_b:15443
- CS Policy: HTTP.REQ.URL.STARTSWITH("/bbb/") -> LB vServer "lb_vs_B" with Service Group "svc_grp_B" containing server_a:16443 & server_b:16443
- default LB vServer "lb_vs_C" with Service Group "svc_grp_C" containing server_a:8443 & server_b:8443

If LB vServer "lb_vs_A" is down because both servers are not reachable at port 15443 and the requests starts with "/aaa/" (matching the first CS policy) I would expect a HTTP 503, because of:

Quote

NetScaler will send an HTTP 503 error in the below conditions when accessing the Content Switch:
1. The Load Balancing Vserver for which policy is matched is Down or Out of Service.

 

But instead, I receive a HTTP 404, because the request with "/aaa/" seems to be sent to the default LB vServer and there is nothing found at /aaa/

[Rick Davis]

You are correct that the Content Switching vserver will use its defined Default vserver when none of the Policy bindings can be honored.   
If you want to prevent requests from reaching the default because the designated targets are not reachable, you can simply define your default destination at the end of the policy table rather than the "Default Virtual Server" setting.  You can accomplish this by using a Rule/Expression of TRUE as the last binding.  The result is a 503 Service Unavailable as you expected.  Here is an example:

> show csvs test_csvs
...
Default:        Content Precedence: RULE
...
1)      Content-Switching Policy: about Target LB: logic_1      Rule: HTTP.REQ.URL.CONTAINS("about")    Priority: 100  
2)      Content-Switching Policy: default       Target LB: logic_2      Rule: TRUE      Priority: 110