版本问题:
https://support.f5.com/csp/article/K14754
12.1.0 以后能够处理 websocket 协议,之前的版本可以使用两个vs 来区分, http 协议一个 ws 协议 一个 .。如果需要 ssl 协议 那么就配置一个 wss 的vs 。
11.4.0 版本到 12.1.0 版本可以 配置一个 fasthttp profile 来放行 websocket 协议。但是失去了 xff ,插入 cookie 之类的操作, 因此12.1.0 版本解决 或者两个vs 解决.
websocket 说明和 14 版本问题:
https://devcentral.f5.com/s/articles/load-balancing-websockets
如果上面两种方法都不行 ,或者使用下面 irules :
https://devcentral.f5.com/s/feed/0D51T00006i7XG0SAM
测试可以用 ,原则就是 只影响 websocket 传输的数据流 ,最小化原则
when HTTP_REQUEST {
if client request contains a HTTP header "Upgrade: WebSocket", it indicate
the client intended to switch to WebSocket, we shall disable HTTP filter here
it is not very secure as we shall wait for response from server to confirm with
status code 101 (Switching Protocols) with HTTP header "Upgrade: WebSocket"
but it seems that LTM 10.2.4 HF7 have problem on that status code,
so we have to workaround it.
use case insensitive matching
if { "websocket" eq [string tolower [HTTP::header value "Upgrade"]] } {
HTTP::disable
#在检查配置的数据流禁用 HTTP 数据过滤 ,放行后续 ws 协议交互的数据(tcp 协议)
}
}
下面这个其实也有道理 ,在 服务器返回 101 状态吗和 upgrade 字段时关闭 http 但是作者说有问题 ,没测试过
when HTTP_RESPONSE { if status code is 101 (Switching Protocols) and there exists HTTP header "Upgrade: WebSocket", that means we are switching to WebSocket and thus HTTP filter shall be disabled use case insensitive matching if { [HTTP::status] == 101 && "websocket" eq [string tolower [HTTP::header value "Upgrade"]] } { HTTP::disable } }