Community Activity
Irule to match a Domain
Guys I really need your help. Im currently working on a request. Lets say i have the below URL https://abd.com/files/jaskjaskjsakjasjk.jpgCustomers are asking me to disable anything that comes after the /files that has an image extension like jpg, pd...
SCP "path not allowed"
Hello, I just upgraded to BigIP 14.1.4.6 and now cannot scp some text files from the F5 appliances to my linux workstation. Either from the F5 bash prompt scp sening to my linux box or the other way around, I keep getting "path not allowed". I rea...
Week in Review: May 16 - May 20
My weekly thread where we can drop interesting stories, kind notes to those who've helped along the way, personal successes and failures and what you learned from them, etc. I'll add some things as the week progresses, hope you will as well! Last Wee...
Traffic Intelligence in AFM through Categories
Introduction In previous article I talked about how we can configure AFM for filtering URL traffic using URL classification feature, this allows us to control web traffic traversing AFM. This can be very useful because using FQDN in firewall rules...
APM - How to configure logging of snat addresses for network access and app tunnels
Hello everyone,we are using BIG-IP Access Policy Manager to enable administrative access to systems via App Tunnel and Network Access resources.For security reasons, we need to be able to map requests logged on backend resources/systems (e.g. in SSH...
Help with migrating external DNS servers
My questions about migrating to new servers: Is there any reason to not make the new servers also DC's and convert the zones to Active Directory integrated primary zones? If I do this would I lose the ability to modify multiple zones at the same time...
condition irule OR not working
Can somebody help on this. the first irule is working perfectly but when adding OR condition it is not (not working section) .this is working:----------------------when HTTP_REQUEST {if { (([HTTP::uri] ne "/evs/ent.msg.evs.ext.Notification_1.0") and ...
Remote Desktop Session Host type user defined webtop icon
Hello,When I use this KB https://support.f5.com/csp/article/K24493695, I have the following icon in webtop:How can the RDP be published using the bellow RDP client in webtop itself.Please advise.Thanks !
Irule redirction default sys_https_redirection
_sys_https_redirection Does above irule work for customize https port 8443http running on 8080 and https on 8443.... if not help me to provide new irule for the same.
Do we have an option to check traffic on the VIP since last few months ?
Hi Team , We have many VIP's whic are down . To do house keeping of this VIP , We would like to know since from when we don't have traffic on the VIP . Do we have any option to check this ???
Deploy Services in Google Cloud using v2 BIG-IP Cloud Solution Templates with New Stack
IntroHow-to v2 Quickstart Example: BIG-IP on Google Cloud with New Network StackClone GitHub RepositoryModify Parameters - New StackDeploy the BIG-IP - New StackValidating the DeploymentSSH to BIG-IP and Review LogsTesting the Application and WAFDele...
Deploy Services in Google Cloud using v2 BIG-IP Cloud Solution Templates with Existing Stack
IntroHow-to v2 Quickstart Example: BIG-IP on Google Cloud with Existing Network StackClone GitHub RepositoryModify Parameters - Existing StackDeploy the BIG-IP - Existing StackValidating the DeploymentSSH to BIG-IP and Review LogsTesting the Applicat...
New Ways to Deploy Services in Public Cloud with v2 BIG-IP Cloud Solution Templates
IntroCloud Template History: v1 versus v2Example v2 TemplatesSummaryResourcesArticle Series Intro The BIG-IP Public Cloud team has developed many solutions over the years to enable customers to easily deploy BIG-IP with a few steps. The latest Cloud ...
How to convert SWG log to regex on paloalto.
I need to show swg log to Palo alto user mapping. This is a swg log.swg tmm[4771]: 24641538 Common,/Common/swg.app/swg_proxy_vs,/Common/expilcit,cb08e26a,10.2.9.100,(anonymous),http://detectportal.firefox.com/canonical.html,/Common/Information_Techno...
Asm capabilities to decode base46 request
i have tried to inject sql injection in my request and encode it , the asm pass the request as 200 . so how can i decode the request to allow asm to read and detect the attack?
deleting authentication cookie and reloading the page gives download.gz
Hi all,after login to the webpage, we deleted the authentication cookie from inspection tool on chrome and tried to reload the page for fresh start.we are receiving the download.gz file upon refreshing the web page. any ideas on this behaviour?can th...
Firewall did not seeing source public IP. Log show F5 as source IP.
Hi,I have a VIP that accesses able from outside. When the user connects to this VIP in the firewall log we see F5 source IP vs we should see public IP for that user. My VIP Source Address Translation is set to "Automap". If I change Source Address Tr...
Differentiating between the BIG-IP data plane and control plane
The newest F5 security advisory articles state whether specified vulnerabilities impact the control plane, the data plane, or both. Data-plane processing is related to the basic process of getting data, whether it be input from a system or requests...
F5 logs
We feed out F5 logs into a SIEM and use for incident investigation. Currently the logs we get do not show cs information - all I get is the ss IP addresses. This makes it impossible to correlate IPS alerts with the source IP -- all I see is the ss IP...
How many ssl certificates can be added to a single virtual server
I have a VS with multiple ssl certificates, however, we need to add around 500 Certificates to a single virtual server, I have searched but I do not find any information on whether there is a limit or performance impact when you add many SSL Certific...
Deploy the NGINX Modern Apps Reference Architecture locally
The NGINX Modern Apps Reference Architecture (MARA) project is now available, to run locally, on MicroK8s. In the detailed article, posted at NGINX.com/blog/mara-now-running-on-workstation-near-you, you will find HowTo steps to deploy MARA using NGI...
Exploring F5OS automation features on VELOS
Concepts VELOS is F5's latest generation chassis platform, providing a high density, high performance hardware platform for organisations that need the ultimate performance for on-premise applications. With VELOS, a new hypervisor operating system ca...
F5 cluster in Azure - why ALB is suggested in fornt?
Hi!Recently we are building F5 cluster in Azure. Regular stuff, with VIPs and RServers behind the F5, maybe SSL termination.Initially we wanted to build it in classic way. Public IP in front + DNS entry (no need for DNS LB), next NAT it to F5 Outside...
GTM/DNS as a smart DNS server ("without" LTM)
Hi,I am trying to figure out a way to use F5 BIG-IP GTM/DNS as a smart DNS server only. The idea is shown in the figure below.There a two data centers with GTMs, LTMs and servers as shown above. Let's just say that we don't want to place the servers ...
I have decided to dust off my dormant F5 lab - suggestions welcome
A long time ago I built myself a multiuser F5 lab. Based on my ATC experiences I tried to include enough material to make it useful. It was fun and useful endeavour. So this lab still exists in hibernation on my hardware and i've decided its time to ...
F5 LTM Unable to access the Nodes
Hi AllI have F5 101 exam and i was practicing the cbtnugget lab everything works fine however after creating the virtual server I can't access the nodes. I can see the hit on the nodes but i cant access them? what could be the reason?
Big-IQ API query and only return result from active LTM?
We're trying to perform automation on BigIQ and the challenge were facing is were getting results from both the LTM device and we cant easily identify which object is from the Active LTM. Is it possible to do Big-IQ API query and only return result f...
OneConnect Profile Max-Reuse of Zero
Hi,We have an existing production OneConnect profile with a max-reuse paramter of zero:ltm profile one-connect /Border/pr_OneConnect_NoReuse { app-service none max-reuse 0}Does anyone have an idea of what this means?Does it close the backend co...
stuck on a spinner
I have a case of a very long running database query, and I need spinner to entertain the users. But I cannot figure it out.location /longtest {default_type 'text/html; charset=UTF-8'; content_by_lua_block { local h = io.popen('bash...
F5 Distributed Cloud Platform: Right Tools for the Right Jobs – Cloud Migration
Welcome to F5 Distributed Cloud Platform. Today I am going to share with you on a topic on “Right Tools for the Right Job” specifically focusing on Cloud Migration Journey – which migrating workloads from on-prem to public cloud. I had many convers...
