F5 CIS Deployment in OpenShift, CRD Mode
Hi everyone,

Looking at the F5 documentation I understand that deploying the F5 BigIP Ctrl in CRD Mode is incompatible with Kubernetes Ingress objects. What would be the deployment model in which we have flexibility to use CRDs but also use standard Kubernetes Ingress or OpenShift Routes objects via F5?

Regards
Rares

How BIG-IP Token/Authentication works?
I'm unable to find anything here, in the documentation or in articles that explains a little better the authentication token you get in the response from REST. I'm sending the POST to REST, and REST is returning the authentication. Here is an example:

    token            : AD2GKZPXKVTE4WKJEQUZTIPOM3
    name             : AD2GKZPXKVTE4WKJEQUZTIPOM3
    userName         : admin
    authProviderName : tmos
    user             : ...
    groupReferences  : ...
    timeout          : 1200
    startTime        : 2016-07-22T09:24:11.808-0500
    address          : 10.10.10.10
    partition        : [All]
    generation       : 1
    lastUpdateMicros : 1469197451807722
    expirationMicros : 1469198651808000
    kind             : shared:authz:tokens:authtokenitemstate
    selfLink         : https://localhost/mgmt/shared/authz/tokens/AD2GKZPXKVTE4WKJEQUZTIPOM3

Does anyone know what "lastUpdateMicros" and "expirationMicros" are, and what timeout actually means? I'm having several issues in my scripts when I call REST and the call just fails. If I try to get a new token the call works. I wonder if it could be because the token expires after it is used once. Will the token expire only after 1200 seconds, or is that not true?

TCP RST from remote system error in F5
Hi,

I am unable to access the URL externally that I have defined in F5 for reverse proxy. It shows a "connection refused by host" error, and the error below appears in F5:

    R 162:162(0) ack 982 win 5121 out slot1/tmm1 lis=/Common/vs_ext_skype__https flowtype=64 flowid=570065ECFE00 peerid=570065CB5D00 conflags=4820124 inslot=63 inport=55 haunit=1 rst_cause="[0x19080da:2106] {peer} TCP RST from remote system" peerremote=00000000:00000000:0000FFFF:0A606211 peerlocal=00000000:00000000:0000FFFF:0A606204 remoteport=4443 localport=60380 proto=6 vlan=98

Can this be an error in the F5 config?

How to lift the connection limit for a given IP address?
help me

---------------------
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.3.125.142] } {
            TCP::limxmit disable
            log local0. "#######limit disable action "
        }
    }
----------------------------

This script doesn't work, is there another way?

Simple WordPress login protection using referral
I'm trying to protect the default login page (/wp-login.php) on our WordPress site, using a "secret" (/secretlogin) page as a referral, and only then should you be able to log in (otherwise you get redirected to a restricted access page):

    when CLIENT_ACCEPTED {
        set static::triggerWP 0
    }
    when HTTP_REQUEST {
        if {[string tolower [HTTP::path]] contains "/wp-login.php" and $static::triggerWP == 0 } {
            HTTP::redirect "https://[HTTP::host]/restricted-access"
        }
        if {[string tolower [HTTP::path]] equals "/secretlogin"} {
            set static::triggerWP 1
            HTTP::redirect https://[HTTP::host]/wp-login.php
        }
    }

And this seems to work pretty well in our test environment, but when I added this to our Prod environment, which has lots of traffic, it is very rare for this to work. I'm guessing the heavy traffic resets the triggerWP variable to 0, and that this variable isn't unique to each person who connects? Any idea how I could handle this better? Thanks!

Need to add multiple scanner IP to ASM policy
Hello Team,

In our environment we have onboarded 40+ applications on F5 ASM WAF, and for each application we have created an individual security policy. Now there is one requirement: we need to whitelist multiple scanner IPs in the ASM policy, and if I add each IP manually it will be a very time-consuming task. If I create a parent policy and add all the IPs as IP exceptions, will it work if I add all the security policies as child policies? Is there any impact? We have made multiple changes in the security policies as per application requirements and we do not want to touch those changes.

Sunil

Can't create virtual-server with port-list
Hello team,

I'm trying to create a VIP with the port list, but I got an error message: "Declaration failed: Invalid Virtual Address, the IP address x.x.x.x already exists." The device has no configuration at the moment. Trying to understand what's going on, maybe somebody has the same issue?

declaration:

    {
        "class": "AS3",
        "action": "deploy",
        "persist": true,
        "declaration": {
            "class": "ADC",
            "id": "id",
            "label": "label",
            "remark": "Applications",
            "tenant1": {
                "class": "Tenant",
                "app1": {
                    "class": "Application",
                    "vip_X.X.X.X": {
                        "class": "Service_Address",
                        "virtualAddress": "X.X.X.X",
                        "routeAdvertisement": "enable"
                    },
                    "svc1": {
                        "class": "Service_TCP",
                        "virtualAddresses": [{"use": "vip_X.X.X.X"}],
                        "virtualPort": { "use": "port_list1" },
                        "virtualType": "standard"
                    },
                    "port1": {
                        "class": "Net_Port_List",
                        "ports": [port_list]
                    }
                }
            }
        }
    }