Forum Discussion
Arie_90212
Nimbostratus
Mar 18, 2015
AAM Web App Policy - invalidation rule regex problem
When I enter a regex in the "Client IP" field I get the message "The field has invalid characters" if the regex contains certain characters like \ and ^.
That seems a bit odd since those ...
Robert_James_10
Nimbostratus
Aug 03, 2012
Funny, we have had many, many "experts" tell us how they think things work, even Microsoft, but actually none of them really know. How about putting the Lync FE Pool members behind the F5's with no SNAT? If all traffic has to pass through the LTM's then I would think it may help the LTM's kill the connection. We also thought about 2 1-member pools, at least that way there are settings for timeout in Lync, but I think it's the 3 polls of a dead server before client switchover that's killing us.
We are also waiting on word back if there is a way to change the client behaviour from 3 polls of a dead server to 1, but I'm not getting my hopes up.
I will post here when we get the final solution
Bob James
Hi G-Rob, from what I know, I can't choose an iRule in LTM Policy for checking the SSL (containing a specific CN).
Can I do it in LTM Policy only, without an iRule?
MaxMedov,
I think you can use TCP::collect. Refer to the TCP collect start iRule:
when CLIENT_ACCEPTED {
    # DEBUG On/Off : 1/0
    set DEBUG 0
    # disable client/serverside ssl profile by default
    SSL::disable clientside
    #SSL::disable serverside
    if { $DEBUG || [class match -name -- [IP::client_addr] equals debug_ip ] ne "" } {
        #log local0. "flow is - [IP::remote_addr] -> [IP::local_addr]"
    }
    # run TCP collect to check SNI for bypass before intercept SSL traffic
    # log local0. "run client collect command"
    TCP::collect
    set monitor_id [ after 500 { TCP::release } ]
}
and you can check the SNI, CN, etc. in "when CLIENT_DATA".
- Leslie_Hubertus, Jan 18, 2023, Ret. Employee
MaxMedov did Hooni_L's solution work for you? If yes, can you please click the Accept as Solution button under their post? That way future users with the same challenge can easily find the answer. Thanks!
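What a CLIENT_DATA check has to do with the bytes gathered by TCP::collect, shown as an added example that is not part of the thread and not F5 or poster code: a bounds-checked Python model (not an iRule) that pulls the SNI out of a TLS ClientHello. The function names and the host app.example.test are assumptions, and the sample ClientHello is constructed.

```python
class Short(Exception):
    """The collected payload ends before the field being read."""

def _take(buf, pos, n):
    if pos + n > len(buf):
        raise Short()
    return buf[pos:pos + n], pos + n

def _vec(buf, pos, len_bytes):
    """Read a length-prefixed vector; return (data, next_pos)."""
    raw, pos = _take(buf, pos, len_bytes)
    return _take(buf, pos, int.from_bytes(raw, "big"))

def extract_sni(payload):
    """Return the SNI host name from a TLS ClientHello, else None."""
    try:
        hdr, _ = _take(payload, 0, 5)
        if hdr[0] != 0x16:                 # not a TLS handshake record
            return None
        record, _ = _vec(payload, 3, 2)    # record body, length at offset 3
        if record[:1] != b"\x01":          # not a ClientHello
            return None
        pos = 4 + 2 + 32                   # handshake header, version, random
        _, pos = _vec(record, pos, 1)      # session id
        _, pos = _vec(record, pos, 2)      # cipher suites
        _, pos = _vec(record, pos, 1)      # compression methods
        exts, _ = _vec(record, pos, 2)     # extensions block
        pos = 0
        while pos < len(exts):
            etype, pos = _take(exts, pos, 2)
            body, pos = _vec(exts, pos, 2)
            if etype == b"\x00\x00":       # server_name extension
                names, _ = _vec(body, 0, 2)
                ntype, p = _take(names, 0, 1)
                host, _ = _vec(names, p, 2)
                return host.decode("ascii") if ntype == b"\x00" else None
    except (Short, UnicodeDecodeError):    # truncated or malformed: no decision
        return None
    return None

def _lp(data, n):
    """Prefix data with its length in n big-endian bytes."""
    return len(data).to_bytes(n, "big") + data

def build_client_hello(host):
    """Constructed sample: minimal ClientHello with one SNI entry."""
    sni = _lp(b"\x00" + _lp(host.encode("ascii"), 2), 2)
    exts = b"\x00\x00" + _lp(sni, 2)
    body = (b"\x03\x03" + bytes(32) + _lp(b"", 1)      # version, random, session id
            + _lp(b"\x13\x01", 2) + _lp(b"\x00", 1)    # cipher suite, compression
            + _lp(exts, 2))
    return b"\x16\x03\x01" + _lp(b"\x01" + _lp(body, 3), 2)
```

A None result covers both non-TLS data and a ClientHello that has not fully arrived, so logic that bypasses inspection based on SNI should treat None as "no bypass".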