Technical Forum
Ask questions. Discover Answers.
64698 PostsActivity in Forums
Difference between Rest API security protection and API Security ASM template ?
Hi,I have to protect some Rest API with ASM.I saw that there are 2 different API protection features :1) Create an ASM policy with the API security template where you just import the swagger file.2) Use the guided configuration tool and create an API...
Setting up LACP between the F5 machine and two firewalls in cluster
We have a Viprion2250 connected via one trunk using 0x8100 Ether type to our standalone firewall (8interfaces in the trunk - that is 8x10G each)So basically we have one viprion to connected to one Fortigate (firewall) via LACPWorks fine...Now we purc...
Live Update- ASM attack signatures
I have enabled the live update from ASM signtures and i install them manully. if i go to the installation history, will list all previous installed signatures, so my question is , if i delete them from installation history it will be removed from ASM...
Add LTM two boxs ( HA ) on F5 GTM
I have two LTM boxes and configure HA between them, in this case how i can add LTM to GTM , it is applicable to make this with floating IP, or I will add two LTM separately as a two server on GTM
Resolved! SSL Offloading for specific IPs or range of IPs
Current flow is as belowClient -> F5 LTM (SSL Proxying) -> On premise Application Servers (TLS Offloading).Certificates that do TLS offloading has F5 LTM DNS as CN/SAN.For a migration of my on premise application stack to cloud, I need to achieve bel...
SOCKS Proxy Config, floating or non-floating interface?
Hi all, I've got a socks proxy configured on LTM in a big-ip cluster. Would you expect the onward comms to come out of the floating or none floating ip?It's currently coming out of the non-floating interface and i was expecting the comms to come out ...
Remote Logging still going to /var/log/ltm
I used the log IP for an irule and the log lines are still going to /var/log/ltm. I only want the output to skip /var/log/ltm/ and only output to the syslogs. Is that possible? Thanks irule being usedwhen HTTP_RESPONSE {log XX.XX.XXXXX:514 [HTTP::re...
Support TLS1.3 and TLS1.2 protocols
Hello, Today we are working only with TLS1.2 on SSL Clients profiles.We are about to enable TLS1.3, and I have a few questions before a behavior about the SSL handshake process:Case -We are working with 3 strong ciphers supporting only 1.2 and config...
HA between GTM
Hello,how we can make HA between two GTM boxes at the same datacenter
Resolved! Help with irule using switch
I need an irule that does the following -If host name equals xxx.com and uri equals /yyy redirect to xxy.com....but I need to switch between 6 different URIs - I want to use the SWITCH command but I'm not sure how to combine it with the first conditi...
Resolved! irule reject request when payload field is null
Hello everyone,I have the following case, when there is a request to my url: https://10.10.10.10/aaa/v1/xx/test/okokokok, the payload will have to have the fields test, test1, test2, test3. Attackers convert these fields to null or void causing the s...
Unable to change auth source to rasidus
folks,anyone encounter this error. unable to change the auth source from local to radius after the radius server and remote role groups. But on the GUI, can change from local to remote-radisus..# modify auth source { fallback true type radius }010709...
Resolved! Bot Log is not showing in BIG-IQ
Hi, I am Emon and I am new member at f5 world.I am using BIG-IP 15.1.8.2 and BIG-IQ 8.3.0 (CM and DCD). The Big-IQ is not showing the bot log as seen in the BIG-IP (ASM/WAF) itself. BIG-IP box's Event Log all bot request is seen but biq iq bot reques...
Resolved! exclude HTTP::header value Content-Type] equals "text/xml; charset=utf-8" from SSL redirect
Hiwe are trying to exclude from force https irule the belowcontent typeHTTP::header value Content-Type] equals "text/xml; charset=utf-8" also we are using stream profile because we applied irule for mixed contentsis there any way to exclude the above...
Resolved! domain blocking
Hello Dearsi am trying block part of published url as show below :exmpale.comi want to block only access to exmaple.com/data_open/anyone can help ?Best Regards
How to extract applications historical data from F5 LTM
Hi All,I am looking for historical connections utilization data of applications hosted on F5 LTM. Is there any way to check the same?
Resolved! Change of DNS and NTP servers
we are going to change the assignment of DNS and NTP servers and we would like you to confirm us if adding the new ones has to be done at host and/or guest level and if there is any kind of service disruption when applying them.
TIL - Why do they call it a Cookie?
In a conversation with my 17yo a couple days ago about TikTok unique views I proposed that it would be easy(er) to count unique views because they don't have to rely on cookies the way a website might. 17 - A cookie?Me - Yeah - a cookie is a little i...
Mask Value in Logs based on the OpenAPI specification
Hello,is there any option to define value under "Mask Value in Logs" for JSON profile based on the OpenAPI specification?Policy is build from the swagger file. JSON profile is created based on the schema defined in swagger (OpenAPI) file. What I cann...
what happens to connection when failover happens from active to standby
when primary f5 (active ) failover to secondary (standby) does F5 send rst packet to connection on previoulsy active primary f5 or does it siliently close the connection . @PSilva @JRahm
Virtual server traffic logs not coming in F5 or Remote logging
Hello All, We have added our Website to F5 in Virtual Server and status is coming as Enabled. When we access the webserver, we are unable to get any Traffic logs in F5 logs and also in Remote Logging server. We have also added Request logging profile...
Resolved! Detecting /# in an URL
HiI created an iRule to permit/deny the access to the URL /#/admin according to the client address.My problem is neither [HTTP::uri] nor [HTTP::path] contain #/adminI observed navigators and curl "removes" the # and its trailing part (#/admin) from ...
OID about Listeners Request statistics
Hi guys I need your help.. I tried to find OID about Listeners Request statistics but, I can't found that please let me know if you know OID !
SSL 3.0.7 - Unsafe legacy renegotiation disabled on client side
We have a client reporting a problem connection to one of our endpoints after they upgraded their appliance that uses SSL 3.0.7. I've read around a little and I believe this is in relation to the recent security issue announced by OpenSSL. Their devi...
big3d timeouts
We are experiencing intermittent big3d timeout errors from our GTM sync group. It seems that the GTM whose gtmd is selected to poll is okay, but the other GTMs in our sync group will report a bip3d timeout:GTM2.ABC.LOCAL alert gmtd[12345]: 011a6006:1...
How to affect Static persist LB method for GSLB pools
We are using GSLB for DNS load balancing to couple of sites with "data" load balancers. We need to achive persistency, so I set Static persist LB method. It works fine for most of the clients. But when client use "cloud" DNS server, I mean google 8.8...
ASM - Disable violation for a specific URI
Below is the violation detected for a certain URI. We are looking to disable only for this specific URIEvasion technique detected [1]Detected Evasion Technique Bad unescapeParameter Value"1.0"?<UserName>xxxxxxx</UserName><UserPassword>Hello123%</User...
Resolved! BGP stops advertising after upgrade
Hello , we have an LTM VE in a HA cluster . We have defined a couple of route domain (RD) and have enabled BGP/BFD for these route domains .There is a BGP routing configuration present (imish -r RD) . In this configuration peer devices are defined ,...
Address list in Virtual server
Hi,i have a 20+ virtual servers configured with 80percent of them is used for 443 service and others for 22 and other custom ports/service.I want to know how i can use the Address list in virtual server to optimize the operational tasks like managein...
Resolved! Updating BIG-IP Edge Client for the BIG-IP APM system and disk 100% full
hi experti want to instal new bigip apm client on f5 but when i show df -h on file /dev/loop0 use 100%, how to fix this ?is it ok to install bigip apm client because i want to install version from 7.2.2.2 to 7.2.4.1 should i remove existing version ...
