AWS
225 TopicsBIG-IP controller for public clouds
Hi, I am reading about BIG-IP controller deployments - https://clouddocs.f5.com/containers/v2/kubernetes/kctlr-modes.html I want to know if I can run BIG-IP controller in AWS- EKS, Azure AKS and GKE also? Can I have deployment like: client -> BIGIP running on AWS/Azure/Google cloud -> Public cloud managed K8s cluster + BIG-IP controller? IS there any plan to support it? if not supported today.398Views1like0CommentsFalse Positive on AWS WAF F5 Managed Rule F5#OWASP_Managed#rule_div_tag__behavior__Parameter__AllQueryArguments_Body
Hello I'm not sure if this is a question for AWS support or F5 but I'll start with F5support. We recently enabled 2 sets of rules on a AWS WAFv2 from F5 (F5-CVE_Managed and F5-OWASP_Managed). Once we did we started seeing a false positive for an API call with the following rule... F5#OWASP_Managed#rule_div_tag__behavior__Parameter__AllQueryArguments_Body After some further investigation we discovered the rule is tripped when we make a request which contains embeded HTML in the body and this HTML contains a div tag with a base64 encoded image. Can you give us more background information on exactly what this rule is doing and how we should go about avoiding this false positive? Andy990Views1like4Commentscname and a record
Is there a way to get the GTM to respond with the cname and corresponding a records. Have a WIP set up as A record (short domain name) to a CNAME pool (long AWS record). The bespoke devices looking up DNS to the GTM the are unable to perform a 2nd lookup on the returned CNAME. The GTM forwards requests on the long AWS record onto AWS DNS servers to resolve the dynamic A records. So in summary need the GTM to return the end A records to the client on the first request to the WIP?654Views1like4CommentsAWS Configuration Utility not responding during instance start
Hello, I have some F5 BIG-IP VE - ALL (BYOL) instances on AWS, in version 15. I enabled the APM module. If I stop the instance (in AWS console) and start it again it get stuck on the "Please wait while the Configuration Utility starts" page. I have to reboot the instance so that it starts correctly. Any idea? Thanks321Views1like0CommentsAWS - AFM SSH Proxy error SSH authentication
Hello all, I follow the documentation of F5 to implement the SSH proxy : https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/big-ip-network-firewall-policies-and-implementations-14-1-0/15.html I am using an ec2 amazon linux to test with ssh password authentication. I configure the F5 AFM SSH VS and generate all the ssh key as asked in the big ip and the server machine. When I test, i am prompted to enter my username but directly after this I get an error: software caused connection abort When I check the log in /var/log/sshplugin I have this error message : the backend ssh server does not have a public key that matches the configuration I searched in the net and I found that it's could be related with the trailing comment but for my case I didn't add it in the key. Did someone have an idea of how we can solve this issue or know the root cause ? Thank you in advance, Best regards Omar566Views1like2CommentsAWS F5 Managed WAF rules not blocking simple SQL injection
We have subscribed to the "F5 Rules for AWS WAF - API Security Rules". Product page: https://aws.amazon.com/marketplace/pp/B07M948X2H. A Web ACL has been created in our AWS account using this group of rules. It has been then associated to an API published on the Amazon API Gateway. For some reason, even basic SQL injection are not blocked. For instance, a request with a url-encoded string like ' OR '1'='1 (see https://en.wikipedia.org/wiki/SQL_injection) in querystring is not blocked. Switching to a group of rules managed by a competitor (Fortinet) resolved our problem. We are surprised the F5 rules are so permissive. Maybe we are missing something. Any thoughts ? Thank you. Related question: https://devcentral.f5.com/s/feed/0D51T00006i7iONSAY1KViews1like15Comments