Catching Requests Rejected by the F5 Security Module

The F5 is a security layer that filters all incoming and outgoing traffic to any site hosted on the PS pod. Yes, all traffic. If it sees anything it doesn't like, based on some secure, cryptic string parsing rules, it will reject the entire request, kick back a 503 error (for some reason), and puke out an ugly HTML page with a long support ID.

If you submit an incident to Cloud Ops, they should be able to add an 'exception' to the F5 rules based on the support ID to allow that specific request through. That is, when they get around to it. Yes, pretty ugly, but at least it's 'secure', right?

The F5 will even reject valid SOAP API requests, as we recently found out during a go-live. Oops, I didn't consider logging the entire response body of a failed 503 request to retrieve the generated support ID... Here's how to do it:

try
{
// Code that makes a SOAP call
}
catch (ServerTooBusyException ex)
{
try
{
if (ex.InnerException is WebException)
{
WebException innerEx = ex.InnerException as WebException;
string badResponse = new StreamReader(innerEx.Response.GetResponseStream()).ReadToEnd();
string msg = String.Format("Fatal error sending SOAP request. This is most likely an F5 issue, response: {0} Exception: {1}", badResponse, ex);
// Log your error
}
else
{
throw new Exception();
}
}
catch (Exception)
{
string msg = String.Format("Fatal error processing web exception. This is most likely an F5 issue, but the response could not be parsed. {1}", ex);
// Log your error
}
}
catch (Exception ex)
{
// Normal error handling
}

Zircon - This is a contributing Drupal Theme
Design by WeebPal.