版本問題:
https://support.f5.com/csp/article/K14754
12.1.0 以后能夠處理 websocket 協議,之前的版本可以使用兩個vs 來區分, http 協議一個 ws 協議 一個 .。如果需要 ssl 協議 那么就配置一個 wss 的vs 。
11.4.0 版本到 12.1.0 版本可以 配置一個 fasthttp profile 來放行 websocket 協議。但是失去了 xff ,插入 cookie 之類的操作, 因此12.1.0 版本解決 或者兩個vs 解決.
websocket 說明和 14 版本問題:
https://devcentral.f5.com/s/articles/load-balancing-websockets
如果上面兩種方法都不行 ,或者使用下面 irules :
https://devcentral.f5.com/s/feed/0D51T00006i7XG0SAM
測試可以用 ,原則就是 只影響 websocket 傳輸的數據流 ,最小化原則
when HTTP_REQUEST {
if client request contains a HTTP header "Upgrade: WebSocket", it indicate
the client intended to switch to WebSocket, we shall disable HTTP filter here
it is not very secure as we shall wait for response from server to confirm with
status code 101 (Switching Protocols) with HTTP header "Upgrade: WebSocket"
but it seems that LTM 10.2.4 HF7 have problem on that status code,
so we have to workaround it.
use case insensitive matching
if { "websocket" eq [string tolower [HTTP::header value "Upgrade"]] } {
HTTP::disable
#在檢查配置的數據流禁用 HTTP 數據過濾 ,放行后續 ws 協議交互的數據(tcp 協議)
}
}
下面這個其實也有道理 ,在 服務器返回 101 狀態嗎和 upgrade 字段時關閉 http 但是作者說有問題 ,沒測試過
when HTTP_RESPONSE { if status code is 101 (Switching Protocols) and there exists HTTP header "Upgrade: WebSocket", that means we are switching to WebSocket and thus HTTP filter shall be disabled use case insensitive matching if { [HTTP::status] == 101 && "websocket" eq [string tolower [HTTP::header value "Upgrade"]] } { HTTP::disable } }