F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Cory_O's avatar
Cory_O
Icon for Cirrostratus rankCirrostratus
Apr 22, 2023

F5 APM: Deleting domain-groups entries / trim list

Hey everyone, When I go to remove some domain-groups, I'll use the following CLI command as an example:     tmsh modify apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups de...
application delivery
G-Rob's avatar
G-Rob
Icon for Employee rankEmployee
Apr 24, 2023

Cory,

Which version of TMOS are you using? This should be reported via support case, I believe. 

Thanks

  • Cory_O's avatar
    Cory_O
    Icon for Cirrostratus rankCirrostratus
    Apr 24, 2023

    Good morning!

    I've seen this issue across TMOS versions 12.1.5.3 and 14.1.5.3 thus far.

    If I run this command, three new objects are created in the positions mentioned:

    tmsh modify apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups add { authdomain47 { cookie-domain none cookie-host testapp1.iamaserver.com httponly-cookie false persistent-cookie false secure-cookie true sso-name none } authdomain48 { cookie-domain none cookie-host testapp2.iamaserver.com httponly-cookie false persistent-cookie false secure-cookie true sso-name none } authdomain49 { cookie-domain none cookie-host testapp3.iamaserver.com httponly-cookie false persistent-cookie false secure-cookie true sso-name none } }

    I then run the commands to Apply the Access Policy and save.  Following this, I can run the following command to list the new entries:

    tmsh list apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups

    The end of the results shows up as expected:

            authdomain47 {
            app-service none
            cookie-domain none
            cookie-host testapp1.iamaserver.com
            httponly-cookie false
            persistent-cookie false
            secure-cookie true
            sso-name none
        }
        authdomain48 {
            app-service none
            cookie-domain none
            cookie-host testapp2.iamaserver.com
            httponly-cookie false
            persistent-cookie false
            secure-cookie true
            sso-name none
        }
        authdomain49 {
            app-service none
            cookie-domain none
            cookie-host testapp3.iamaserver.com
            httponly-cookie false
            persistent-cookie false
            secure-cookie true
            sso-name none
        }
    }
}

    Now I'll try deleting authdomain48:

    tmsh modify apm profile access MYACCESSPROFILE_LTM-APM_access_profile domain-groups delete { authdomain48 }

    I apply the Access Profile, save, and run another list.  This time, you'll see the result is missing authdomain 48 instead of consolidating 49 to position 48:

            authdomain47 {
            app-service none
            cookie-domain none
            cookie-host testapp1.iamaserver.com
            httponly-cookie false
            persistent-cookie false
            secure-cookie true
            sso-name none
        }
        authdomain49 {
            app-service none
            cookie-domain none
            cookie-host testapp3.iamaserver.com
            httponly-cookie false
            persistent-cookie false
            secure-cookie true
            sso-name none
        }
    }
}

    Deleting the entries via the GUI has the same effect.  That's why I was just looking for a command to trim the list down.  I can open a SR if that's what you suggest.