iRule Pool member(s) offline or disabled
Hello community, is there any way to check if the pool members offline/down (e.q. network or server error) or disabled (by a monitor during a maintenance) using a iRule? The background would be the delivery of an event-specific user information page. Network or server error => Error Page with Helpdesk-Support infos Maintenance => simply maintenance site Thanks & BR René
Failing over of a Virtual F5 configuration to another location using Zerto restore process
We are preparing a process for disaster recovery to use Zerto to copy a server had has our virtual F5 configuration to another server at another facility. What needs to be completed by means of moving license keys and changing MAC to recognize the F5 configuration.
AS3 declaration to set cookie to preferred
Hello, I am deploying a new environment with AS3, lovely 🙂, but I am having issues setting the cookie persistence option cookie-encryption to preferred. By default, it is set to required. I checked the AS3 documentation but could not find how to do this. Any ideas? Thanks
High availability Blade
Hello everyone, I would like to know if is possible to configuire high availability on two Blade BX110. At the moment I have only one blade where there are all Tenants and, the capacity of using it, is 85% . The customer want to buy another Blade but, it wants that for every Velos, te two blades build a unique partition. Is it possible to do it by considering that in one blade there are all Tenants in a production environment ? Which type of impact there will be ? To sum up could i configure both blade in high availability with no run the risk to block the services of the Tenants ? I have read that is possible to make a setup of the blades but is not mentioned that this activity could provide, if on the one are presents Tenants, to reset the configuration. Many thanks in advanced for your help. Awaiting your news,
Problem with lets encrypt and redirect after update
Hi, we have updated our BigIP last week from 15.x to 17.1.1.4, since then we are not able to get certificates from lets encrypt, if there is the _sys_https_redirect iRule active on the Virtual Server. As an example, i have for the IP 1.2.3.4 (asdf123.info) two VS with port 80 and 443, on port 80 are two iRules mapped: lets_encrypt: when HTTP_REQUEST { if {[HTTP::has_responded]} {return} if { not ([HTTP::path] starts_with "/.well-known/acme-challenge/") } { return } set token [lindex [split [HTTP::path] "/"] end] set response [class match -value -- $token equals acme_responses] if { "$response" == "" } { log local0. "Responding with 404 to ACME challenge $token" HTTP::respond 404 content "Challenge-response token not found." } else { log local0. "Responding to ACME challenge $token with response $response" HTTP::respond 200 content "$response" "Content-Type" "text/plain; charset=utf-8" } } and _sys_https_redirect: # Copyright 2003-2006, 2012-2013, 2016, 2019. F5 Networks, Inc. See End User License Agreement ("EULA") # for license terms. Notwithstanding anything to the contrary in the EULA, # Licensee may copy and modify this software product for its internal business # purposes. Further, Licensee may upload, publish and distribute the modified # version of the software product on devcentral.f5.com. # when HTTP_REQUEST { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } definition-signature tJY87UPbfpgQ3TPXqXhbCAgqIJhR1MvyFxXLTX/wNqmH+XV51tNkr8HWmv4PBq8hm6w7peLKj88shG+0RiX+yAMU31n6jS9vRcg0VKNPBWLTzu3Ic8abqyyY6XYgkMel+d9Sa8x+vakcuPcAZ0dnICHQiQFePjxYUD0XKwIrbGqQb8vEcU3HHbDaLoMQry4KDnV3s1crFpWXBZBo6esIdzM/s0jYncqZBNdTmIEH3ujEunmo2Jh9MBDhwfGKy1XwCfeeZvzk8b1J+HbRk7W/vbrRUewJZDt+Z13i9u/MbneAL4QXZgtjSxU2nN4GcZjWePUIm7oxc1nz9FGeNva1xg== This configuration had worked for years now, but since the update to 17.1.1.4 we get a "connection reset by peer" at requests for http://asdf123.info/.well-known/acme-challenge/30IpwjJqyA7LKANXCvu7gyN9txfYQOqzllBNC3ROPnY if i remove the _sys_https_redirect iRule, it works fine. Has anyone an solution for this problem?How to log HTTP/2 reset_stream
Hello, We are currently in a meeting to prepare for HTTP/2 DDoS attacks. What we would like to do is log the client’s IP address (either local or remote) whenever an HTTP/2 RESET_STREAM is received. Is there any way to achieve this? Would it be possible to implement using an iRule? Thank you.Identify which virtual servers are using a specific SSL certificate
We use a wildcard SSL certificate for our QA sites. There are many of them. I am renewing the SSL cert but have no idea which Virtuals are using it. Is there an easy way to determine this other than checking each and every virtual, listing the Client-ssl profile and then looking up the profile to see what certificate is being used?
