Community Activity
How to search the latest security academic papers
Introduction While following the state-of-the-art of security-related technologies and gathering information is a daily job for engineers, we engineers often take a practical approach to gathering information. For example, when I gather security-rel...
Curse the Rusty OSS supply chain - September 10th to 16th, 2023 - F5 SIRT - This Week in Security
This Week in Security September 10th to 16th, 2023 Aaron here as your editor this week for a round-up of interesting or notable security news from the last week that caught my eye; keeping up to date with new technologies, techniques and informa...
Certificate as second factor for ActiveSync
Hi,we have a F5 in front of an Exchange 2016 Cluster, which does the LB (configured via iApp / the https-combined-pool-selection-irule). There is no APM in use. Since ActiveSync is one of the last "open" services that has no second factor for authent...
Firewall behind APM will be migrated
DearsWe will migrate Firewall behind APM to different vendor, Is this will impact anything on APM device? or we will need to change something in APM.What's the recommended action from APM administrator through this firewall migration to avoid any int...
Looking for help for creating Dynamic content value in ASM
Hi TeamI am currently detected violation for following parameter for example. i am still try to creating dynamic content vlaue in WAF but it doesn't work. can you please give suggestion or any example for creating DCVctl00_ContentPlaceHoldserContent_...
F5 Re-write (Reverse Proxy)
Hello,I have a requirement to pretty much accomplish the followingUsers need to access http://abc.com, but they should see a webpage from https://server01.com/data.aspx without their browser's URL changing.This is non internet facing and is interal o...
Implementing F5 DNS and Creating Custom CNAME Redirects
We are currently implementing a solution in Azure and have encountered some DNS-related issues. I think it's a good idea to implement F5 DNS. However, I wonder if we can create an iRule to set up a CNAME for a specific domain. In other words, if a do...
Load not equally distributed for server api calls
Hi,I have 3 servers which i have to put behind balancer for load distribution. So i have configured a http virtual server (with cookie persistence).Users can access services provided by these servers both through web browsers (when they are inside co...
Command to check what ip/ips are hitting a specific url on f5 big ip 16.1.3
Need to know if there is a specific command for that, have a use case where i need to check what ips are hitting a url in the last 24 hours.Thank You
Redirect/Rewrite to Same Host URL different Host with App AD FS Authentication
So say we have a redirect/rewrite in place which performs a redirect forhttps://myapp.site.com/ (in VM host)to https://myapp.site.com/ (in kubernetes container host)The new location is also available as: https://myapp.apps.site.com/ The effort is...
Replace server name
Hello All,I am looking to replace the FQDN of a URL with the server name keeping the remainder of the URL after the FQDN. Trying to find the simplest way to acheive this. Dont want to redirect the entire URL, just swap the FQDN.
F5 APM AES256 in keytab for Kerb Auth failed
Hi,,I am a newbie on F5 apm, currently, we have to authenticate users to access applications, I use the kerberos protocol via a keytab uploder file on the F5 apm, however, want to change encryption algorithm (RC4 to AES 256), the user sees displayed ...
Rewrite the post operation with a body.
Hi;can you help to write the irule to rewrite the post operation (not uri redirect) with a body as below:For example: abc-cd.ef.com/abc/v1/jurisdict/configuration rewrite to cd.ef.com/abc/v1/jurisdict/configuration other example: abc-cd.ef...
OAuth for Mobile - Dan Moore - DevCentral Connects 133 - September 19, 2023
Guest Dan Moore | @mooreds | X | LinkedIn Notes @mooreds will be speaking at Longhorn PHP, Nov 2-4 in Austin Texas. His talk - What PHP Developers Need to Know About JWTs Dan's OAuth video!
Can AS3 Backup / Restore BIG-IP Config
With the announcement that iControl REST is going away in favor of AS3 for everything. I'm trying to figure out how would you backup / restore a BIGIP device using AS3?Another option is to somehow utilize gitlab to perform backups and restore but no...
iControl PFX Upload with PowerShell
Has anyone found a way to import a PFX into the f5 using PowerShell? I am attempting to perform this using the method below but am unable to get the iControl PowerShell snap-in registered. https://community.f5.com/t5/technical-forum/what-is-the-path-...
Migrating from BIG-IP 2000 to rSeries 2600.
Hello, I have an old install, containing a cluster of big-ip 2000 series, running version 13.1.1.4This needs to be migrated to a cluster of rSeries 2600 boxes.Im not really experienced upgrading F5's, but I am reading on f5-journeys on github, and it...
SSL Bridging verification
Is there an easy way to veriify that SSL Bridging is working on an F5 LTM? I need to determine that an SSL session between the client and the F5 has been made and subsequently an SSL session between the F5 and the destination server.I've asked F5 sup...
Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio
Introduction Adaptive applications utilize an architectural approach that facilitates rapid and often fully-automated responses to changing conditions—for example, new cyberattacks, updates to security posture, application performance degradations, ...
Failed to connect via GTM/LTM
Hi All,We have vertical kubernetes cluster and put F5 (GTM/LTM) in front of the cluster. Service to service call will be go to GTM/LTM before go to micro service (workload/pod):service A -> GTM/LTM -> service BWe have problem that the call from servi...
Connection reset by peer via Standard Virtual Server
Hello,I got an api backend service behind an F5, the problem is if Virtual Server is Standard then client gets "Connection reset by peer", the problem is disapeared if i switch to Performance (HTTP).However, Performance HTTP would not allow to config...
AWAF version 15.1.8.1 does not support Brute Force as one of the attacks for Delayed Blocking
Hi;With Delayed Blocking, one of the attacks in the list of attacks that can be associated with delayed blocking is "Brute Force, maximum login attemps are exceeded"For some reason, I cannot find this attack type in the list and I know it used to be ...
SNMP OIDs for i5600 and i7600
Hello All...I am looking for the SNMP OIDs, How can we figure out which OID is correct for our device. I beleive the MIB file has everything not just specific to the platform
HELP CREATING IRULE FOR ACCORDING SSL VERSION RESPONSE WITH HTML PAGE
Hello, I am trying to create / homologate a rule from a citrix balancer(netscaler) to a F5 because of a brand migration, however I have not been able to find the configuration for the rule which I will detail below: EXPRESSION: (CLIENT.SSL.VERSION.EQ...
iRule HTML Maintenance Page insert URI Value
Looking for help writing an iRule that will display, in HTML code, that the page being access has been changed. I'm trying to figure out how to referece the requested URI in HTML since this will vary. Below is what I have for now. Any help is appr...
ExternalName Service and Authentication Subrequests with NGINX Ingress Controller
Summary Features like subrequests for authentication, adding/removing HTTP headers, and supporting services of type ExternalName in Kubernetes (K8s) are great reasons to use F5 NGINX Ingress Controller. Documentation and examples of NGINX configurat...
F5 ASM logging settings
Hey Guys,Have you ever deal with turning off one particular part of logs in ASM? for example im dealing with huge amount of logs of "Access from malicious ip address" which is resource consuming and its spamming logs which are unreadable due to this....
Resolved! API security
I have API which can be accessed through internet. I have restrict the access with IP address ( iRule/data group). Also, I have applied client authentication using certificate to be installed on client side ( iRule).Is there any other layer I should...
Minimizing Security Complexity: Managing Distributed WAF Policies
Introduction: In today's digital landscape, where cyber threats constantly evolve, safeguarding an enterprise's web applications is of paramount importance. However, for security engineers tasked with protecting a large enterprise equipped with a s...
Resolved! GTM synchronization group
dears,I configured a synchronization group between our Two GTMs, and all configurations advertised successfully to the second GTM, but I faced an issue, as after I configured any new configuration on one of them the configuration did not advertise to...
