For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DavidB's avatar
DavidB
Icon for Altostratus rankAltostratus
Jun 23, 2022

Load Balance Host Headers

I posted last week asking for assitance load balancing WebLogic apps. I received some good responses, but they didn't work. I submitted an F5 support case and was basically told they don't help build...
application delivery
weblogic
DavidB's avatar
DavidB
Icon for Altostratus rankAltostratus
Jun 24, 2022

Absolutely. This is the iRule (currently)

when HTTP_REQUEST {
if { [HTTP::uri] equals "/" } {
switch -glob [string tolower [HTTP::host]] {
"idcfdars.bls.gov" { HTTP::redirect "https://idcfdars.bls.gov/ARS" }
"cesdatad.bls.gov" { HTTP::redirect "https://cesdatad.bls.gov/CESLite" }
"blsconfidentialitytrainingd.bls.gov" { HTTP::redirect "https://blsconfidentialitytrainingd.bls.gov/ICT" }
"cpidatad.bls.gov" { HTTP::redirect "https://cpidatad.bls.gov/CPILite" }
"idcfdbbs.bls.gov" { HTTP::redirect "https://idcfdbbs.bls.gov/BBS" }
"joltsdatad.bls.gov" { HTTP::redirect "https://joltsdatad.bls.gov/JOLTS" }
"blscompdatad.bls.gov" { HTTP::redirect "https://blscompdatad.bls.gov/NCSLite" }
"trainingd.bls.gov" { HTTP::redirect "https://trainingd.bls.gov/LMS" }
"respondentsd.bls.gov" { HTTP::redirect "https://respondentsd.bls.gov/upload" }
"idcfdoews.bls.gov" { HTTP::redirect "https://idcfdoews.bls.gov/OEWSLite" }
default { HTTP::redirect "https://idcfd.bls.gov/authentication/login" }
}
}
}

when HTTP_RESPONSE {
foreach header {Server X-Powered-By X-AspNet-Version Cache-Control} {
HTTP::header remove $header
}

HTTP::header insert Pool-Info [class search -value hosts_dg eq [IP::server_addr]]
HTTP::header insert WL-Proxy-Client-IP [IP::client_addr]
set cookieNames [HTTP::cookie names]
foreach aCookie $cookieNames {
HTTP::cookie version $aCookie 1
HTTP::cookie secure $aCookie enable
HTTP::cookie httponly $aCookie enable
}
}

I will note that I've played with this iRule frequently and even completedsome of the testing withot the iRule in the config. That's actually tru of the VS also. I started disabling profiles to see how or if it imapcted the errors but never found these efforts to change much. (Sometimes it got worse)

Right now the pool is actually just a single node and I changed the HTTP port to 81 to help isolate the traffic during dubugging. Yesterday when I thought a lot of the traffic never got to IIS it was based on the IIS logs showing the health traffic but not my testing traffic.

ltm pool IDCFLB.app/IDCFLB_pool {
app-service /Common/IDCFLB.app/IDCFLB
members {
dewsvweb1:81 {
address 146.142.201.51
app-service /Common/IDCFLB.app/IDCFLB
session monitor-enabled
state up
}
}
monitor IDCFLB.app/IDCFLB_http_monitor
slow-ramp-time 300
}

DavidB's avatar
DavidB
Icon for Altostratus rankAltostratus
Jun 24, 2022

Another follow up on my self imposed quality control problem. I only found 1 site where that was the issue. Still have some sites that show the too many redirect errors, but it is inconsistent. A couple sites showed this error then a few seconds later loaded. Right this moment I have more sites loading the home page than not (haven't started deeper regression testing yet), but the incosistencies definitely curb my enthusiasm that I actually fixed anything.