Saturday, October 30, 2021

[SOLVED] Apache httpd server doesn't accept GET HTTP request from F5 load balancer

Issue

We are currently bringing reverse proxy solution between internet and application server. I have completed the simple reverse proxy setup and I am successfully able to reach application server from reverse proxy. But when I try to perform a health check from F5 to reverse proxy, it fails and there are no errors in the error_log except the following in access_log

XX.XXX.XX.X - - [07/Feb/2020:15:33:27 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:28 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:32 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:33 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:37 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:38 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:42 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:43 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:47 -0700] "\x16\x03\x01" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:48 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:52 -0700] "\x16\x03\x01\x02" 400 226 "-" "-"
XX.XXX.XX.X - - [07/Feb/2020:15:33:53 -0700] "\x16\x03\x01" 400 226 "-" "-"


Solution

Instead of HTTP methods (which is the first thing a HTTP client will send), you are getting strings starting with \x16, which is the start of a TLS handshake.

This means that your client is trying to use HTTPS to speak to a HTTP server. Just starting a server on port 443 doesn't make it HTTPS. The quick way to confirm this is probably to change a url such as https://foo to http://foo:443



Answered By - Evert