Proxy forwarding setup into WSS
ProxySG healthchecks enabled for 8080, 8443 and 8084 TCP ports
Healthchecks are TCP based - open connection with TCP SYN and once complete, issue TCP FIN to close connection without exchanging any data
WSS reports showing no user with the address of -://-:0/ (no scheme, host or port information) as shown below
Product defect handling proxy forwarded healthcheck requests.
Healthchecks on TCP 8443 caused of the issue (only TCP port in server mode on onprem ProxySG configuration and not proxy mode)
The WSS proxy handling request is expecting Application data and does not get any
Can replicate by setting up a proxy forwarding location and then generating a netcat probe on TCP 8443 to the WSS VIP for a tenant with a Proxy forwarding location defined
[email protected]:~> nc -v -n 22.214.171.124 8443
Connection to 126.96.36.199 8443 port [tcp/*] succeeded!
Ignore the errors for now - defect has been opened with plan to drop these log entries.
We can technically disable this log entry with the following CPL
http.request.body.size=0 proxy.port=8443 access_log(no)