Jump to content

Recommended Posts

Hello everyone,

I created a regular CS, with 2Vips, with 2 Service Groups, forwarding the requests to the same servers in different ports, however, this service is not working properly, the end user is getting an error when they try to access the service via browser typing the URL.

s4-preprod = must go to servers on port 44301

po-preprod = must go to servers on port 44302

before I made some changes to some policies they were facing the error "object not found HTTP/1.1, then I made some changes and now when they don't put the port on the URL the face "service is not available at the moment" when they put the port on the request they reach the page.


here are the policies:

add cs policy csp_s4-preprod.bock.aurora.ab-inbev.com_44301 -rule "HTTP.REQ.HOSTNAME.EQ(\"s4-preprod.bock.aurora.ab-inbev.com\")" -action csa_s4-preprod.bock.aurora.ab-inbev.com_44301

add cs policy csp_s4-preprod.bock.aurora.ab-inbev.com_44301_api -rule "(HTTP.REQ.HOSTNAME.EQ(\"s4-preprod.bock.aurora.ab-inbev.com\") && HTTP.REQ.HEADER(\"X-ORIGINAL-HOST\").CONTAINS(\"one.ofc.loc\")) || (HTTP.REQ.HOSTNAME.EQ(\"s4-preprod.bock.aurora.ab-inbev.com\") && HTTP.REQ.HEADER(\"X-ORIGINAL-HOST\").CONTAINS(\"ab-inbev.com\"))  || (HTTP.REQ.HOSTNAME.EQ(\"s4-preprod.bock.aurora.ab-inbev.com\") && HTTP.REQ.HEADER(\"X-ORIGINAL-HOST\").CONTAINS(\"azure-api.net\")) || ((HTTP.REQ.HOSTNAME.EQ(\"s4-preprod.bock.aurora.ab-inbev.com\") || HTTP.REQ.HOSTNAME.EQ(\"s4-preprod.bock.aurora.ab-inbev.com\") &&  HTTP.REQ.FULL_HEADER.CONTAINS(\"BLACKLINE\"))" -action csa_s4-preprod.bock.aurora.ab-inbev.com_44301_api

add cs policy csp_s4-preprod.bock.aurora.ab-inbev.com_44301_noauth -rule "HTTP.REQ.HOSTNAME.EQ(\"s4-preprod.bock.aurora.ab-inbev.com:443\") || HTTP.REQ.HOSTNAME.EQ(\"s4-preprod.bock.aurora.ab-inbev.com\")" -action csa_s4-preprod.bock.aurora.ab-inbev.com_44301_noauth

add cs policy csp_s4-preprod.bock.aurora.ab-inbev.com_44301_Internal -rule "HTTP.REQ.HOSTNAME.EQ(\"s4-preprod.bock.aurora.ab-inbev.com\") && HTTP.REQ.URL.CONTAINS(\"/sap/bc/ui2/flp\") || HTTP.REQ.HOSTNAME.EQ(\"s4-preprod.bock.aurora.ab-inbev.com\") && HTTP.REQ.URL.CONTAINS(\"/cgi/\")" -action csa_s4-preprod.bock.aurora.ab-inbev.com_44301_Internal


can anybody help me, please?



Link to comment
Share on other sites

Posted (edited)

At first glance, I see:

  • There are no HITS in the CS screenshot.
  • The CS is configured for SSL 443, but you are getting responses with SSL calls on port 44301.

This makes me think that your requests are not reaching the CS but another IP.

Start by verifying that the DNS name s4-preprod.bock.aurora.ab-inbev.com returns the IP of the CS from your pc (ping... nslookup...).

Compare the counters before and after a test to verify if you are reaching the CS (the CS HITS increased) and which policy was used (increased HITS on the policy).
With the following command, you can see the counters for HITS, REQ, and RES of the CS:

stat cs vserver cs_name

With the following command, you can see the counters for individual CS policies:

stat cs policy cs_policy_name

Then, correct the CS policy csp_s4-preprod.bock.aurora.ab-inbev.com_44301_api by aggregating the members:

  • Confusing and incorrect way: HOSTNAME && HEADER1 || HOSTNAME && HEADER2 || HOSTNAME && HEADER3 || HOSTNAME && HEADER4
  • Clear and correct way: HOSTNAME && (HEADER1 || HEADER2 || HEADER3 || HEADER4)

Or split the policy into multiple policies:


Edited by Nicola Campaci
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...