Disk space full - what files, folders are safe to delete?
Hi I've searched Dev Central for help with clearing disk space. I am happy to use bash as I have now figured out how to display files within var/log directory and use the "rm" command to remove files. I can see the files within the var/log I have read articles about maintaining disk space. I have deleted ucs, software images. These files are at ".1 or .2.gz" 0 or not even on any of the F5 var/log directories /dev/mapper/vg--db--vda-dat.log 2.9G 2.9G 0 100% /var/log /dev/mapper/vg--db--vda-dat.share 15G 5.4G 8.5G 39% So far I have the above. What files are safe to delete from the /var/log or any other directories? Or can I delete file contents silently without affecting performance or service? What would be good bash commands to rm or clear files/ folders?5Views0likes0CommentsASM instance creation
HI Team , I have to create an WAF instance similar to the one which is already available . I need help on creating the ASM policy similar to the one which is already used by other VIP . So my ASM policy name is ASM_NETWORK_443 and I have to create an identical policy with name ASM_DRNETWORK_443 . Is there any option to clone the ASM policy or export and import the policy and rename the Policy name ? Kindly help me on this .28Views0likes2Commentsenable tls1.2 on management interface on F5 ltm running version 10.x
Hi Experts , Legacy F5 is having below image and we would like to enable tls1.2 for httpd for management interface so that we can access Web using new browsers. Sys::Version Main Package Product BIG-IP Version 10.2.4 Build 817.0 Edition Hotfix HF7 Date Mon May 20 15:08:56 PDT 2013 We are folllowing stpes mentioned in the "https://my.f5.com/manage/s/article/K40232071" , unfortunately this is for 11.x and above versions. We are getting below error while changing the ssl to tls1.2. (Active)(tmos)# modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1' 01070920:3: Application error for confpp: Syntax OK Error in cipher list 25658:error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:836: 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1' invalid. ************************************************************* Apr 26 13:17:23 CEGP001.IN.com confpp[25610]: syntax check command FAILURE for unix_config_httpd returned: '256' [ OK ]ing httpd: [ OK ] your valuable suggestion helps us to fix GUI issues. from the Browser we are getting , The connection for this site is not secure 10.70.89.37 uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH28Views0likes2CommentsThe App Delivery Fabric with Secure Multicloud Networking
This tutorial with accompanying workflow guide deploys customer edge sites and uses Distributed Cloud Multicloud Networking App Connect to establish a Secure MCN App Delivery Fabric, enabling only Layer7 app connectivity between two cloud sites. Manual and automation workflows show how to make this NetOps and DevOps task come to life.142Views1like0CommentsUsing Distributed Application Security Policies in Secure Multicloud Networking Customer Edge Sites
This tutorial and workflow guide deploys and uses F5 Distributed Cloud App Security policies with apps at local customer edge sites. Deploy a policy in any customer edge site regardless of location in the cloud or on-prem. Manual and automation workflows show how to make this NetOps and DevOps friendly solution come to life.207Views0likes0CommentsSMS server with BIGIP
i have sms server with login page , where you have to enter your name and phone number then you will receive the sms. i have create virtual server with public ip with pool server port 80 . the login page display as expected but i have not receive the sms .is there additionl configration? iRule ?19Views0likes1CommentLDAPS and renegotiation
Hello, hope everyone is well! we have a requirement to present 2 different issuer/signed certificates based on the incoming client IP. I am pretty sure from an HTTP perspective I would do something like this when CLIENT_ACCEPTED { if {([class match [IP::client_addr] eq signer_list_of_client_A_IPs]) } { SSL::profile cert_with_issuer_type_A } else { SSL::profile cert_with_issuer_type_B } } when HTTP_REQUEST { SSL::renegotiate } Question I have is whether this would work for LDAPS clients and how (if needed at all) the renegotiation step would be achieved, given that the HTTP_REQUEST will not be available. Many thanks Jon13Views0likes1CommentNeed help on i-rule to specific uri path
Hello All, I'm working on an i-rule that I need to do the following; given a set of specific source ip addresses, only allow access to specific uris of /ws/rest/external*. I set the specific source addresses in a data group, referencing the data group. When I apply this i-rule to the virtual server, on testing I get an Insecure HTTPS message. I am on version 15.8.1.2. We plan to upgrade to most stable release on 16 soon. Any suggestions on what I can do with the i-rule posted below? Thanks in advance. when CLIENT_ACCEPTED { if { [class match [IP::client_addr] equals Boomi_external] } { pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool } } when HTTP_REQUEST { if ![HTTP::has_responded] { if { ([HTTP::host] equals "apigway-d.lanl.gov" or [HTTP::host] equals "apigway-d.lanl.gov") } { if { [HTTP::uri] starts_with "/ws/rest/external* " || [HTTP::uri] starts_with "/ws/rest/external*" } { pool esd-bmapi-dc1-as01-f5.lanl.gov_8077_pool } else { reject } return } } }17Views0likes2Comments