AAM
85 TopicsNeed help - Configure forwarding proxy chain
Hi team, Initially I have configured forward proxy without any issue: Client (Intranet) -> F5 (explicit-http) -> INTERNET Now, we want to put proxy pool between F5 and INTERNET like this: Client (Intranet) -> F5 (explicit-http) -> HTTP Proxy Pool -> INTERNET I tried to follow this article - https://devcentral.f5.com/s/articles/configure-the-f5-big-ip-as-an-explicit-forward-web-proxy-using-ltm-32268 , however F5 (explicit-http) doesn't seem to tunnel the traffic to the HTTP Proxy Pool. Please guide me what is missing? Thanks, RiwutSolved852Views0likes4CommentsNot able to cache any pages using WebAcceleration (AAM)
Hi, I have been struggeling a while with the WebAcceleration module to cache pages. I have not been able to retrieve a single object from the cache. I have tried both defining the web acceleration policy manually, and using the iApp to create one for me. But I get the same result. As an example, I want to cache static content as such CSS files. When I request a CSS file through the VS, I get the X-WA-INFO header value: [V2.S10206.A62284.P100017.N13694.RN0.U0].[OT/all.OG/includes].[P/0.0].[O/0.1] This is the output from wainfodecode V2: X-WA-Info Format Version S10206: Response was served from the origin web server, because the content was uncacheable. A62284: Application: /Common/aam_testapp.app/aam_testapp_aam P100017: Local-policy: /Common/Generic Policy - Enhanced N13694: Request Policy Node: Includes RN0: Response match did not supersede request match UCI hash: 0 Object type: all Object group: includes Request served from TMM: 0.0 Request owned by TMM: 0.1 Entity hit count (local/remote): 0/0 Document hit count (local/remote): 0/0 Document not cacheable (negative cache entry). Reason: Response cache control prevents caching. Bypass: Content received is not cachable. Parking: Not parked. As you can see, it says it cannot cache the content because of response cache control. I assume this is from the originating web server to the AAM/LTM module. Here is what the originating web server are sending back to BigIP: Request headers: GET some.css HTTP/1.1 Host: www.example.com Connection: keep-alive Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/45.0.2454.101 Chrome/45.0.2454.101 Safari/537.36 Accept-Language: en-US,en;q=0.8 Cookie: JSESSIONID=; TS017a82e1=; F5_ST=; TIN=894000; LastMRH_Session=7f2d31be; MRHSession=; TS0133f518=; adfs-persist=180879370.39455.0000; TS01a3abd7= If-Modified-Since: Sat, 12 Dec 2015 00:50:43 GMT X-Forwarded-For: 10.0.0.4 X-Client: WA Response Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 X-ASEN: SEN-6157603 X-Confluence-Request-Time: 1449883792235 Expires: Sun, 11 Dec 2016 01:29:52 GMT Cache-Control: max-age=31536000 Cache-Control: public Last-Modified: Sat, 12 Dec 2015 00:50:43 GMT ETag: "1449881443000" Content-Type: text/css;charset=UTF-8 Transfer-Encoding: chunked Date: Sat, 12 Dec 2015 01:29:52 GMT If I understand the headers correctly, there should not be any cache-control saying that the content is uncacheable. What I have tried so far: Same setup against a wordpress/apache site. Configured the Expire and Cache-Control in htaccess - still not able to cache any files Tried both iApp and manually WebAcceleration settings. Tried an WA Application Profile that should cache anything. Any suggestions on how to move forward is much appreciated! -E320Views0likes1CommentViewing ramcache from an iApp web acceleration profile
If I run tmsh show ltm profile web-acceleration it will only show the non iApp profiles. I have recently learned I can run this instead to see all of them: tmsh show ltm profile web-acceleration recursive . Now that I can see the the profiles (like ) I want to be able to display and delete the contents of the BIG-IP HTTP cache from the command line using the tmsh ramcache command (K13255). but if I type tmsh show /ltm profile ramcache www.example.com.app/www.example.com_optimized-acceleration it says Invalid Profile Name. Thanks for your help!311Views0likes1CommentWeb Acceleration Not Caching Content
Hi, I have 2 environments running F5s with as far as I can tell identical configurations. Farm1 is running BIG-IP 11.5.1 Build 3.0.131 Hotfix HF3. Farm2 is running BIG-IP 11.5.2 Build 0.0.141 Final. Both configurations have identical web acceleration policy profiles that I would expect to do the same thing, however, caching does not appear to be working as expected on Farm2. Farm1 F5 Response Headers(style.css) Accept-Ranges:none Age:10 Cache-Control:public, max-age=172800, s-maxage=14400 Connection:Keep-Alive Content-Type:text/css Date:Tue, 19 Jan 2016 20:15:18 GMT ETag:W/"WAe0a9d0e2672ee330" Expires:Thu, 01 Dec 1994 16:00:00 GMT Last-Modified:Sat, 16 Jan 2016 01:06:10 GMT Persistent-Auth:true Set-Cookie:MRHSession=09d...; expires=Tue, 19 Jan 2016 20:30:18 GMT;path=/;secure Set-Cookie:LastMRH_Session=09d...; expires=Tue, 19 Jan 2016 20:30:18 GMT;path=/;secure Farm2 F5 Response Headers(style.css) HTTP/1.1 200 OK Cache-Control: public Content-Type: text/css Expires: Wed, 18 Jan 2017 20:21:35 GMT Last-Modified: Wed, 13 Jan 2016 16:53:28 GMT Persistent-Auth: true Date: Tue, 19 Jan 2016 20:21:34 GMT Content-Length: 3582 Set-Cookie: persistA=335937546.47873.0000; expires=Tue, 19-Jan-2016 22:21:35 GMT; path=/ Connection: Keep-Alive Set-Cookie: MRHSession=b99...; expires=Tue, 19 Jan 2016 20:36:35 GMT;path=/;secure Set-Cookie: LastMRH_Session=b99...; expires=Tue, 19 Jan 2016 20:36:35 GMT;path=/;secure It seems like Farm2 F5 is not processing anything with web acceleration and the response headers behind the F5s are identical on both farms. I've reviewed /var/log/wa/ logs and could not find anything that seemed suspicious. Is there someway to tell why web acceleration would be bypassing content? Thanks!Solved550Views0likes4CommentsRespond with cached content after timeout
As commented in the explanation for the "after" command (https://devcentral.f5.com/wiki/iRules.after.ashx) we can make some actions with the http request. It's possible to respond with cached content if web acceleration application is also configured with stand-in period codes? Something like that: when RULE_INIT { set static::response_timeout 15000 } when HTTP_REQUEST { set monitor_id [\ after $static::response_timeout { Respond with cached content }\ ] } when HTTP_RESPONSE { log local0. "Received server response. " if {[info exists monitor_id]} { log local0. "Canceling after script with id $monitor_id" after cancel $monitor_id } Thanks in advance.264Views0likes1Commentirule to select pool in time and bwc
Hi I need to do an irule to select specific pool to load balancing to have internet, and irule to do a bandwidth controller; I try to join 2 irules in one and do the next irule. But the client loss internet connection. My scenario is I have 2 service providers and do load balancing to navigate in internet, but the other thing that they want to do is doing a bandwidth control management, but when I do that not work. Please your help. when CLIENT_ACCEPTED{ Get the current time in seconds since the Unix epoch of 0-0-1970 set now [clock seconds] set start [clock scan "5:00 pm"] set end [clock scan "11:59:59 pm"] set start1 [clock scan "12:00 am"] set end1 [clock scan "2:00:00 am"] set mycookie [IP::remote_addr]:[TCP::remote_port] Check if the current time is between the start and end times if {$now > $start and $now < $end} { pool pool_navegacion BWC::policy attach bwc_nocturno $mycookie log local0. " pool navegacion" log local0. " bwc rule" } if {$now > $start1 and $now < $end1} { pool pool_navegacion log local0. " pool navegacion segundo if" }330Views0likes1CommentChrome err_connection_reset
Hi, We just create a new iApp with the wizard. All the health monitors looks fine so the pool is up and evrything appears that is working fine, but when we try to ingress to the new website we received en err_connection_reset. We ran an capture and we see that the VS is sending and RST. This happen with both plaintext and ssl offload. Do you, what could be the issue? Thanks in advance.912Views0likes6CommentsZero downtime deployment with f5 GTM+LTM ?.
Hello, We have a GTM+LTM set up for our application which is running on 12 servers. This servers are separated in 4 LTMs with 3 servers each with monitoring set to a static page and "Action on service down" set to "None". We want to have a zero downtime deployment set up and currently we do it like this: Mark half of the servers as down (results in 2 LTM having only down servers) but keep them running for as long as we can detect running requests Deploy to this half and mark them as up Mark the second half as down and deploy Even after all of this some of our users are complaining about dropped requests when we deploy. From the logs https://krogerfeedback.nl https://talktosonic.onl https://talktowendys.vip https://whataburgersurvey.onl i see that the requests are being dropped immediately after we mark the servers as down even though they are still running and" Action on service down" is set to None. So my question is might this be related with GTM marking the whole LTM pool as down and dropping all the running requests? thanks jackyjoy389Views0likes1CommentDifferent auth type per path/user-agent/header?
Hi, Is there a way to force different authentication methods for different paths under the same VS? Or do the same, but per user-agent? Say SAML for Browsers, NTLM for everything else. I can't see anything under the policy builder, so maybe irules can do it somehow? (I don't want to use per-request policies, if possible) Thanks512Views0likes4Comments