Apache httpd server doesn't accept GET HTTP request from F5 load balancer

2

6

We are currently bringing in a reverse proxy solution between the internet and the application server. I have completed the simple reverse proxy setup and I am successfully able to reach the application server from the reverse proxy. But when I try to perform a health check from F5 to the reverse proxy, it fails, and there are no errors in the error_log, only the following in the access_log:

XX.XXX.XX.X - - [07/Feb/2020:15:33:27 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:28 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:32 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:33 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:37 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:38 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:42 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:43 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:47 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:48 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:52 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:53 -0700] "\x16\x03\x01" 400 226 "-" "-"

Swanee answered 10/2, 2020 at 5:32 Comment(0)
24

Instead of HTTP methods (which are the first thing an HTTP client will send), you are getting strings starting with \x16, which is the start of a TLS handshake.

This means that your client is trying to use HTTPS to speak to an HTTP server. Just starting a server on port 443 doesn't make it HTTPS. The quick way to confirm this is probably to change a URL such as https://foo to http://foo:443

Crotty answered 10/2, 2020 at 5:43 Comment(7)
Hi Evert, thanks for your quick response. So you are suggesting to change the URL at the F5 host to http://foo:443? Also, for a successful F5 HTTPS request to Apache, should I enable SSL/TLS? - Swanee
The question is whether you care about the traffic between your F5 instance and Apache being encrypted. If it's all local traffic, maybe it's not important and you should just switch to http. - Crotty
That makes perfect sense! I will check with my IT guy to see if it has to be encrypted, but if it does not, can I still use port 443 or is it recommended to change to 80? - Swanee
Switching to port 80 is the least surprising thing to do. If you're running on port 443 I expect an HTTPS server, not an HTTP server. - Crotty
Ok thanks! If it needs to be encrypted, that leads me to enable the SSL handshake between F5 and Apache. - Swanee
I also had a few other questions on the configuration above; would you mind helping me with those as well, as I am new to setting up an Apache httpd server? The above proxy pass is only to redirect the test.html page, but the above configuration may not work with the original full context (e.g. http://application_ip/soa/test/test.html). In this case, how do I redirect with a single configuration? Would Rewrite be helpful? 4. What does the above message from the access_log mean? 5. Is there anything else I am missing here to have a successful F5 health check? - Swanee
It would be good if you could point me to the best link to help me set up Apache with SSL enabled. - Swanee
2

I had the same problem: "\x16\x03\x01" 400 226 "-" "-". My mistake was in my DNAT firewall. I caught communication on both 80 and 443 and DNAT only to IP:80. This rule redirects all traffic from http and https to TCP/80. That's why the request "\x16.." was recorded in the log. Maybe my experience will help someone :-)

Lentil answered 14/4, 2022 at 14:56 Comment(0)
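
A way to spot this condition in an access_log, whether it comes from an HTTPS health monitor or a DNAT rule sending 443 traffic to port 80. This is an added example, not code from the question or the answers; the sample lines, the 192.0.2.x addresses and the /health path are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Apache common/combined log: host ident user [time] "request" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
ESC_RE = re.compile(r'\\x([0-9a-fA-F]{2})')
# Third byte of a TLS record header (minor version). Clients often send 0x01
# in the first ClientHello for compatibility, whatever they go on to negotiate.
RECORD_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}

def unescape(request):
    """Turn Apache's \\xHH log escapes back into the bytes the client sent."""
    text = ESC_RE.sub(lambda m: chr(int(m.group(1), 16)), request)
    return text.encode("latin-1", errors="replace")

def classify(line):
    """Return (client, record_version, status) if the logged request line
    is the start of a TLS handshake, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, request, status = m.groups()
    raw = unescape(request)
    # 0x16 = handshake content type, 0x03 = SSL3/TLS major version
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03:
        return client, RECORD_VERSIONS.get(raw[2], "unknown"), int(status)
    return None

def tls_clients(lines):
    """Count TLS-on-plaintext-port hits per client address."""
    return Counter(hit[0] for hit in map(classify, lines) if hit)

# Constructed sample lines (documentation addresses), same shape as the log above
SAMPLE = [
    r'192.0.2.10 - - [07/Feb/2020:15:33:27 -0700] "\x16\x03\x01" 400 226 "-" "-"',
    r'192.0.2.10 - - [07/Feb/2020:15:33:28 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"',
    r'192.0.2.20 - - [07/Feb/2020:15:33:29 -0700] "GET /health HTTP/1.1" 200 12 "-" "-"',
]

if __name__ == "__main__":
    for client, count in tls_clients(SAMPLE).items():
        print(f"{client}: {count} TLS handshakes received on a plain-HTTP listener")
```

A client address that shows up here is speaking TLS to a listener that only speaks HTTP, so the fix is on the sender or the path (monitor type, URL scheme, NAT rule) or in enabling TLS on the listener.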
