Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Forum Posts

Dynamic redirect to fallback host

Hi Everybody,   I'm new to BigIP V9 and iRules, so I need your assistance with writing an iRule for a BigIP Loadbalancer that balances several webserver pools.  I have to build a rule that allows redirection of incoming http requests to a maintenance...

HTTPS redirect on URI

Not huge into writing rules, but I had hoped I would be able to hack my way through a simple task. Obviously that notion has fallen on its butt.   I need to redirect requests containing a specific string within the URI to only one server; everything...

Certiicate Required

I would like to create a public website, but require one of the company ssl certs to load the site. Does anyone have any examples on how to do this.   Here is an example.   I want to go to https://place.company.com. I want to check to make sure the...

Session Lookup not working?

Hi, Can anyone tell me why a client cert that I am adding for a session in CLIENTSSL_CLIENTCERT is not able to be found in HTTP_REQUEST ??CLIENTSSL_CLIENTCERTsession add ssl [SSL::sessionid] $ssl_cert 180HTTP_REQUESTset cert [session lookup ssl [SS...

Sorry if this sounds outrageous, but ...

Is it possible to create an iRule to send the request to ALL members in a particular pool when an HTTP request is received from a client? When the response to the client is sent doesn't matter - may be after all the responses are received or after th...

Simple iRule help (I hope) -- non-www to www.

 How do I set up an iRule to redirect non-www requests to the www of that domain.   Example:   domain1.com --> www.domain1.com  domain2.com --> www.domain2.com   We have about 100 of these sites so ideally I'd like to be able to set up one iRule for...

Syntax Translation from v4.1 to V9.1

Here is part of a code from V4.1   vendors is defined as a data set. I need a translation  from v4.1 to v9.1 on the IF statement   Code:  elseif ($uri starts_with "/Data/uplink" {   if (client_addr == one of vendors) {   pool P_...

Security hardening question

Hi all,  I need to implement the requirement below in both 4.5.11 and 9.1  Any help/clues to get started on this will be appreciated.  Thanks in advance.  /Farid   Req: Ingress (inbound) and egress (outbound) source routed packets SHALL be blocked...

Add a new data on the UDP payload

Hi,   I wish to find a way with an iRule to save a src_adress (client) at the end of the  UDP payload before SNAT. ( use RADIUS )     I implemented the irules according to :   . Update the end of payload with this adress : UDP::payload rep...

Encrypt Command

Hi guys,   I am trying to encrypt my cookie using HTTP::cookie encrypt command. It works fine, but it affects performance. Without encryption page loads in 0.6 seconds. But with encryption it takes 3 seconds. Is there way to optimize the encryp...

more fun with iRules

I had some time to play today, and I was interested in the new stats profile offered in 9.2. Here is a rule I put together to get more granular view into the http status codes returned by the server, along with an attached picture of the GUI output....

JRahm by Community Manager
  • 210 Views
  • 2 replies
  • 0 kudos

iRule help

Hi guys,   I need help with the iRule that i had written. I wrote the iRule for form based radius login. The rule works fine. I can login, the iRule times out at the specified time ot interval. Except for one issue. The images in the login f...

Disabling a Node when a Health Monitor Fails

I am looking for information on how to disable a Node when the Node moves to a down state in order to keep it out of the rotation while diagnostics are performed against the device. Is there an example of this out there that I can use? Thanks.   jWh

Outbound SNAT w/ IRules

I am new to IRules so please pardon any obviously ignorant part of the inquery. I know that IRules can be used on inbound connections coming into a virtual server. What I would like to do do, however, is to write an IRule to do a unique outbound SNAT...

Node Checking and Session State

We maintain Session State info in our database. We write cookies to clients to keep track of sessions.   BigIP is doing content checking on web server nodes and doesn't accept cookies so everytime a content check is performed our site thinks that Bi...

Compression

We have just installed a pair of BIG-IP 1500's. The compression is great except we have an issue with the html showing on the client browser (mixed in with the page) and it goes away when I disable the compression, or hit refresh. Has any one else ex...

isnat configuration - versiion 4.5

please assist -   ===============  I have found a lot of information on isnat configurations with 9.0, but there isn't much mention of 4.5 rules anymore.  ===============    Architecture:   The BIG-IP is deployed in a multi-arm configuration with 3 a...

NO-Caching certain files with BIP

Trying to write an IRule to make client computers not cache certain file types. We can not have our client computers download any files that start with "slide" or "ps" into their temporary internet files.   I have tried the following however the fil...

Date/Time sensitive iRules

Another question if I may.   How can I query the current time of day with an iRule. I'd like an iRule to apply at only certain times of the day, and rather than writing cron entries to update the config (ugly) I'd like to do this with the iRule itsel...

CPU utilization upon adding irule condition

Hi, I have a 540 device in place to cater for quite a few websites and peak SSL connections at a time can be around 300. The 540 SSL accl. is capable of supporting 800 per sec. Current CPU util is 30-40%.   Currently there are 4 irules in action whic...

Slow at processing rule?

Newbie here   I have an Rule created in 4.2     if (http_host == "signup.something.com" or http_host == "signup.somethingelse.com" or http_uri contains ".php") {   use ( upix_unix_php_80 )  }  else {   use ( upix_unix_80 )  }    When consumers co...

single URL to multiple application instances

Greetings, I'm new here, tried searching around and couldn't locate anything close to this. I'm not an F5 admin. My contact has been out of the office, figured I'd ask in here. Trying to see if using the F5 iRules is a viable solution to this, we...

iRule Script in Ver 9 is not functioning

hello here is my problem, i have a set of bigip for bunch of web farm on ver 4.5.10, which i have this iRule for it and it is functioning Very Well... if (getfield(http_uri, '/', 2) matches_regex "[Ww][Ee][Bb][Aa][Pp][Pp]") { redirect to "htt...

iRules, URL Routing and Cookie Persistance

Hi Everyone,   We have a BigIP 1500, configured with several virtual servers and pools. We use an iRule to make routing decisions to direct traffic to the correct pool based on request URL, since the site is distributed across several pools.   The iR...

iRule help with ports and pools

I need to create an iRule that will redirect incoming connections for certain ports to specific pools. I'm not sure how to do it. I found an example for something similar for v.4. I need to do the same thing but for v.9. I also need to specify a ...

Devcentral Feature request...

In my profile their is a list of my forum thread "subscriptions". Is there any way to make it so that I can click on the items in the list to view them?   Thanks,  Brian

iRule to rewrite cookie domain

Can an irule be used to rewrite a cookies domain by intercepting the HTTP response, I am super new to iRules but I assume it would look something like this, im just not sure how the syntax should be   when HTTP_RESPONSE {   set cookieDomain [HTTP...

PROFILE::tcp idle_timeout

Is there a way to use the PROFILE::tcp idle_timeout to set the idle timeout value? I know that by default, I can just query the value - but using something like:   when HTTP_REQUEST {   if [HTTP::uri] starts_with "portal" } {   PROFILE::tcp idle...

Data Group List Naming Anomaly

 I created a few data group lists in order to be able to perform exact strings matches with the "matchclass" function. The three data groups were named with hyphens, such as:  verisign-issuer-strings   The GUI accepted everything and allowed me to ...