Community Activity
DevCentral's Featured Member for April - Mihai Cziraki
Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most engaged folks. DevCentral MVP Mi...
Standard irule that can be used for multiple urls
Here is a usecase I have and I am trying to find a solution for it.ABCD.com/app1/anythingTranslated to: app1.internaldomain.com/everythingAbcd.com/app2/api/helloApp2.internaldomain.com/API/helloI am able to get till app1/app2 but the rest just fails ...
rSeries Allow List
Any reason why you can only add single hosts or subnets for the rSeries Allow List? Seems a little crazy to me that you cannot add multiple host variables in the same command line. I have 87 hosts that I need to create for allowing SNMP 161. Maybe th...
F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows
IntroductionMachine Tunnels vs. other Access PoliciesMachine Tunnel AuthenticationAccess control is criticalAn example configurationStep 1 Start the Device WizardStep 2 Name our new PolicyStep 3 Set AuthenticationStep 4 Client Address PoolStep 5 Netw...
BIG-IQ 7.1: Login Using Azure AD as IdP
Is there a manner to use Azure AD as IdP to log onto BIG-IQ? I can see only Active Directory or LDAP in the list of Auth Provider. Any help would be appreciatedThanks
CVE: Who, What, Where, and When
CVE: Who, What, Where, and When Background A few months ago I wrote “Why We CVE”, wherein I covered the general intention of the CVE program, and more specifically the reasons why F5 publishes CVEs. After publishing that article the rusty, creaky m...
F5OS AD Integration
I'm not usually the person that sets up the AD integration on our hosts. The person that normally configures it took one look at the new F5OS (1.4) and, well, I won't repeat their comment here. I figured how hard can it be. I think I'm reasonably ...
F5 Rules for AWS WAF - List of CVE
I have checked the AWS WAF F5 rule - Common Vulnerabilities and Exposures (CVE) rule on the AWS marketplace, but is there a WAF rule that corresponds to the following CVE?- CVE-2022-24963(https://nvd.nist.gov/vuln/detail/CVE-2022-24963#match-8865215)...
Kali Purple, Linus Tech Tips, SDR - March 18th - 24th, 2023 - F5 SIRT - This Week in Security
Introduction Hello again, Kyle Fox here. This week we have some big news from the tools people over at Kali Linux, a major YouTube channel takeover, a short look into the Software Defined Radio scene, and an extra large helping of news in the rou...
BIG-IP Peer self local IP cannot be ping
Hi Expert,I have a big-ip in HA setting.But if I am in primary one, I cannot ping peer local self IP.I can ping primary local and floating IP. https://my.f5.com/manage/s/article/K3475I check this link, and I do tcpdump in primary one, I can see I am ...
Radius:avp 97 ipv6
Hi all,I'm trying to get IPv6 address of customer using Radius AVP 97 using iRule, it works fine with IPv4 but IPv6 always return empty field, even for known IPv6 cutomer, here is the start of the scriptwhen CLIENT_ACCEPTED {# 4 for Accounting-Reques...
Integrating SSL Orchestrator with Cisco WSA Virtual Edition
Introduction The Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS), are being widely adopted by organizations to secure IP communications. While SSL/TLS provides data privacy and secure communications, it also cre...
About Routing
Hello,Here is my structure:My F5 can ping 192.168.1.1 through 10.10.10.254But why Win(192.168.1.1) can't ping 10.10.10.254 ? Any help is appreciate.
Automatic schedule report for APM session logs
Hi Experts,Please guide me to configure Automatic scheduled Access session report for daily basis. (APM)This report has to send to email Id dayily basis which contains the active session ,Landing URI and Geolocation details. -Rkram
Resolved! icmp of management firewall
Hello.I was doing a test on the management firewall.I don't want to respond when a client makes an ICMP request to MGMT.I think I can do it by adjusting the settings in "Security Firewall Management-IP-Rules", but it doesn't work.Any suggestions?
Webredirect and URL Rewrite
I have a requirement for users to target an internal url but have it redirect to an external url, while preserving the original URL in the browser. So for example:User targets -> Myinternalsite@mycompanydomain.com Redirects to -> externalsite@externa...
Verify a certificate before it redirects
I have a website VIP which corresponds ex: https://abc.com and it gets redirected to ex: https://xyz.com. The certificate on https://abc.com is expiring and I want to know how can I verify if the new cert on abc.com is applied without removing the po...
Introduction to OWASP API Security Top 10 2023 (RC)
Introduction to API: An Application Programming Interface (API) is a component that enables communication between two different systems by following certain rules. It also adds a layer of abstraction between the two systems where the requester does ...
Enhanced Modern Applications and MicroServices SSO with NGINX
Use case introLab setupUDF lab LinkNGINX Plus configurationsAuth0 ConfigurationsAdditional learning links Use case intro NGINX Plus adds Single Sign-On Access feature on top of NGINX well-known flexibility of deployment whether containerized micro ap...
A look on APT operations and using F5 BIG-IP features for mitigation
Introduction Vulnerabilities are constantly discovered on various platforms and when certain threat actors utilize them and adds their method of operations, these threat actors sometimes become named Advance Persistent Threats - APT for short. We at...
DC Technical Forum post about Azure Front Door and F5XC
User @alekseeh had a question that this group may be able to answer:https://community.f5.com/t5/technical-forum/f5-on-azure-behind-sdn/m-p/311896Can someone please help them?
Resolved! SSLO HTTPS conversion to HTTP for NGFW inspection
Hi all,I am new to the bigip SSLO and I was playing around it in order to see if I can enhance my NGFW visibility instead of moving to a bigger box.The BIGIP has been moved as the default gateway for all users and acts as a transparent proxy. All use...
Resolved! Deleting iApp - Pool and VIPs already gone
Hi,I came accross a situation where the VIP and Pool, etc. were created by an iApp. Strict Updates was disabled and the Pool and VIP was removed outside of the iApp.The iApp is not in use, but I'd like to cleanup. I was concerned about deleting to ...
Introduction of IDS and WAF
This is a beginner's guide of IDS and WAF. It explains the problem of Firewall and how the IDS and WAF covers those problems. To understand the merit of WAF, let’s discuss Firewall and IDS first. Firewall To protect from attack/intrude/breach/compro...
disable http retry
hi experti want to disable http retry by using irule, what is irule to do this ?
Resolved! find specific SNMP OID
Hi All.customer want the OID to query the CPU utilization of a virtual server.can some one help me to get OID for a virtual server.
Getting Started with F5 Distributed Cloud Managed Services
Introduction: What if I told you F5 is making F5 Distributed Cloud Services even easier to consume? Do you want to step up and accelerate your security initiatives? F5 Distributed Cloud Services are SaaS-based security, networking, and application m...
F5 LTM/ASM , I-rule to ignore query string to prevent DDOS attack.
Hello guys,My environment : F5 ltm, ASM learning mode.Webapp: Public facing site with many pages with few search pages and filtering pages.I see many people are hitting the site with unknow query string and trying to flood the site.http://app/a/?loc...
Government, Google, and GitHub - March 11th - 17th, 2023 - F5 SIRT - This Week in Security
Editor's introduction Let's spin the wheel of editors and see where it lands this week... MegaZone. Hi folks, it's me again. Reaching into the grab bag of security news from last week I pulled out a handful of items that particularly caug...
websocket configuration
HiI am new in F5 LTM, I would like to know the prerequisites to make an application work with the websocket protocol (WSS), I mean by that:Type of VS ( standard/FastL4/ others) ?Profile ?Certificate Yes/No ?FYI, I have version 15.x on the F5 , and S...
