Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Forum Posts

iRule to persist on tcp_content

Hi all, I'm trying to write a rule that will search the first 2500 bytes of tcp_content for the "USERNAME=" string and then persist on the next 7 characters after that. Here is my original attempt.   rule client_tcpusrid_persist { when...

Get formatted as HTTP 1.0

Just a quick question.   Any assistance greatly appreciated.     I have found the HTTP::version command and am trying to build a rule.   I dont quite understand how to format the syntax to change an http get   to http 1.0.     Basically if ...

session {add|delete} ssl question

I found this code from Code Share.     rule c_cert_session { when RULE_INIT { set ::key [AES::key 128] log local0. "the key is: $::key" } when CLIENTSSL_CLIENTCERT { session add ssl [SSL::sessionid] [X509::verify_cert_error...

V9 configuration related question

This isn't exactly a v9 iRules question, but I'm not aware of a v9 system configuration forum in general...     we've got two BIGIP 3400 units running in an active/standby configuration. Both units are connected and Config Sync'ed. We entered al...

Simple https to http redirect

We set up a rule today to forward traffic sent to a secure site to a down page for maintenance.   The rule was simply:     redirect to "http://www.domain.com/path/to/down/page"     When I apply that rule to a http service, things work okay, bu...

matchclass + IP::remote_addr ?

Hi there,     I'm experiencing some odd behaviour when I attempt to develop an iRule that contains both a uri match and remote ip address check. The irule is below.     The odd behaviour appears as a "Document Contains No Data" popup mes...

Kill Session Question

Does the API have the ability to kill a user session(s) for an account which is activated via a browser?     Let's say you have an IDS/IPS looking at the wire could it make a call to FirePass to kill a particular user session assuming it knew the ...

Can I create my own Roles?

  I am in the process of designing a front-end application that will utilize the iControl SOAP interface to achieve it's goal (creating some Rules on the fly).     I assume that I'll be creating a user specifically to be this applications interfa...

Compression iRules - GZIP vs. Deflate Preference

F5 DevCentral,     Hi, our understanding is that when doing a Profile that utilizes Compression that BIGIP will prefer the Deflate vs. GZIP method. We would like to have a rule that utilizes GZIP by default.     The current rule we are using...

limit frequent http GET

my website use bigip3400. and now a problem occured.someone from one session accessed our website, but about 3 http gets in 1 second. how can I limit it?

Determining Virtual Server Type

Is there a way for me to determine whether a virtual server in a WideIP pool is pointing to a BIG-IP device without actually having to connect to the virtual server address?

Rule Processing Problem

When a rule to a Load balanceing site it look like it is only being run the first time the user connects to the site, not at each HTTP request like we need it to. We have 6 rules chain together that need to be processed at each http request. Below ar...

IPv6 address prefix difinition

Please teach the definition method when the IPv6 address is used.     I did not do the operation for which I had hoped though I tried various rule.     I want to make the rule that limits only the access from 3ffe:1234:1234:5678::/64 pre...

HTTP Redirect Question

We just installed our new 6400 with ver 9.0.4 when writeing our rules we user to doc LTM guide for GTM and it show doing HTTP redirects like so   when HTTP_REQUEST { if { [[HTTP::uri] matches_regex "secure"] } { [HTTP::redirect "ht...

SSL, Cookie persistence, and Redirection

I have two sites that use BigIP, with 3DNS doing the global load balancing. We have no global persistence due to the ldns design of our clients, so request are round-robin currently. The application that we are delivering does a refresh every 60 se...

JRahm by Community Manager
  • 3 Views
  • 3 replies
  • 0 kudos

Data-type mapping issue with Apache SOAP

I'm having another issue with data-types using Apache SOAP. The web service method that is failing is "get_pool_list". It's throwing an exception stating the following:     java.lang.IllegalArgumentException: Unable to set 'number_virtual_servers'...

Url character length limitation?

I'm in process of converting our v4.5.10 rules to v9 syntax. Our original scripts had workarounds to get around the 63/64 character limit on URIs. I believe that was in strict compliance with RFC or some standards. Anways an example of our workaro...

wlnode function

Is there a specific example of how to employ the "wlnode" function to allow for Weblogic persistence?     I am working to configure persistence via the JSESSIONID when cookie persistence is not available. I have built a rule that parses out the...

Turning off compression based on client IP

We need to turn off compression based on a single client IP. What we find is that we get a 404 when the client hits the VIP when that rule is applied. In the tcpdump we see a reset being sent back to the client.     irule     when HTTP_REQUES...

Pulling historical statistics via iControl

There are a number of performance graphs generated for the F5 "overview >> Performance" page which display historical performance data.     Is there a method allowing retrieval of historical performance data via iControl?  

Firepass API & active directory

F5 Firepass API. A problem appears when synchronizing with active directory data base. The OpenByName does not complete when active directory is enabled. However, the OpenByName is working when using internal data base.     I know this is very vag...

Applying rules to Real Media Streams

I'm tossing this out here as a last ditch attempt --     We'd love to be able to filter real media files that are requested through an F5 using rules, but can't figure out a way to do it.     The more granular http rules don't work because this...

matchclass and syntax errors

  I've got a simle iRule below based on the example in the Writing iRules section of the LTM guide.     In a nutshell, I am attempting to direct requests to specific urls based on the client's ip address. I've copied the matchclass syntax dire...

iRule for splitting SQL Write and Read

I have a requirement to demonstrate using LTM to split SQL Read operations and write operations to two separate pools of SQL database servers. Has anyone tried to do this or could the recommend a starting point?     Thanks, Keith

FTP reverse-proxy

Has anyone tried to use F5 (v9) as an FTP reverse proxy?   We use F5 as a reverse-proxy for HTTP and would like to cover FTP traffic as well (validating the L5-L7 traffic to confirm that it is really FTP).     Have there been any FTP-specific iRu...

Rewrite a uri (not redirect)

I have a need to rewrite a uri, and make this look transparent to the end user. What I have come up with is this:     when HTTP_REQUEST { set loop 0 set max [llength $::shorturi] while {$loop < $max}{ set tmpstr [linde...

iRules matchclass

I'm having trouble getting an iRule to work with matchclass. This is the rule I'm trying to use:   when HTTP_REQUEST { if { [matchclass [HTTP::host] equals $::CorpWebHostNames] } { use pool CorpWeb } else {...

Setting pool member ratio

We want to use an adaptive type load balancing method.   Can we use LocalLB.PoolMember.set_ratio to dynamically affect the Ratio load balancing method?   Or do we use the Dynamic Ratio load balancing method and use LocalLB.PoolMember.set_dynamic_ra...