Issue on license renewal
Hello Dears I get this reply from F5 team regarding to licenses for two F5 boxes : Sometimes, there are special circumstances when our customers will ask to have add on modules/ add on keys retired. Usually this is from applying the same type of key twice to the same unit on accident, or applying it to the wrong unit overall on accident. When this has occurred, we are here to help out with retiring them and getting a new 0$ order processed for the key or keys, that were misapplied. However, there is a time limit on when this can be done. Retirement can only be achieved within a 2 to 3 week period when it was originally applied or the request will be rejected by our IT department. We cannot just move add on keys around because our customer wants us to, this is in the EULA when you activate the license. In order to move an add on module you need to have a legitimate issue with the add on key, i.e. you activated two of the same add on keys on the same device, but it still has to be within that timeframe. We can start the process to retire the add ons key. To better assist you, please share with us a list of specific add on keys that needs to be retired. If your request is rejected, we will need to forward your request to our Sales support team to explore what other options you may have to get this resolved from a sales aspect such as purchasing new keys, what else can be done, terms of the EULA, etc. We encourage you to follow the steps in article K34948229: Add-on license keys can only be activated on one device. https://support.f5.com/csp/article/K34948229 Rafael Fernandez | Tech support coordinator II could anyone explain more to me ? Best Regards
redirect not working
I have below scenario works without redirect if statement . when i add the if statement for uri redirect getting a reset. when HTTP_REQUEST { if { [HTTP::uri] starts_with "/" } { HTTP::redirect /testpage } #log local0. "Active members is [active_members pool1]" if { [active_members pool1] == 0 }{ if { ( ( [class match [IP::client_addr] eq "whitelist"] ) && ( [active_members pool2 ] > 0 ) ) } { pool pool2 } else { HTTP::respond 503 content [ifile get "applicationdown.html"] } } }Reliable resources for identifying IP addresses
Hello! I'm a project manager responsible for the WAF implementation in my organization. Aside from overseeing the implementation, I'm in the trenches, so to speak, with the everyday care and feeding of WAF which is likely unusual for a project manager. 😃 Our systems administrators have setup our WAF logs so that they are logged in Splunk and Oracle. I have created numerous reports, dashboards, and alerts that Splunk uses against a lookup table that I built to identify the IP address owners. This manually built and maintained by myself in Excel and was started with IP records provided by two of our business owners for educational institutions that use their services. The Excel spreadsheet is over 100K lines and I lookup IPs using ARIN as part of growing this IP table. This is cumbersome to say the least. My manager wants to move more of our WAF reporting to an Apex tool that one of our application developers built. This renders my Splunk lookup table useless. What resources are others in the community using to identify IP addresses? The application developer responsible for the Apex application would like something available via API. I began the effort to identify IP addresses to help with our tuning and remediation efforts. We look more kindly upon infractions from an educational institutions than traffic from a bot source. We will do post production tuning against a policy if one of our business owners reports a block on behalf of an end user. The IP identification helps with this process. Our WAF administrator is extremely cautious which I respect because we need to protect our infrastructure but our processes for remediation and tuning are quite tedious. Thank you in advance for any resources you can provide! Jodiminimum tmos software version for connect CIS (openshift)
Hi I need your help I looking for minimum tmos software version for connect CIS (openshift) I can't find any documents relate to this topic please let me know if you know or have some documents or does not need software version for connect CIS (openshift) thank youAPI feed for WAF Attack Signatures
Hi again! This is my 3rd question post today and I'll try to make it my last for today. 😄 I'm a project manager responsible for our WAF implementation and I'm more involved in WAF care and feeding than a project manager should be. Is there an API feed available for WAF attack signatures both current and staged? Our WAF logs are fed into Splunk and Oracle. In Splunk, I built an Excel spreadsheet that I use as a lookup table that has current and staged attack signatures. I had help pulling the JSON feed from the F5 attack signatures database. I have to manually add to this file as I suspect our logging activity is causing additional characters such as percent signs to show up in the sig_ids field for my Splunk reports. As mentioned in one of my other posts, my manager wants to move over to an Apex application that one of the application developers on our WAF team has been building. The goal is to allow our business owners to authenticate and view WAF related reports that we develop for their organization. If we move to Apex, this renders the Splunk lookup table I've built and maintain useless, thus, I'm on a hunt for an API. If anyone has suggestions for staged attack signature management, I'll take those as well. I was told that I should monitor them which I am but our tuning and remediation processes are so tedious that I'm not sure how to work in yet another meeting to review and discuss staged attack signatures. 😒 Thank you! Jodi
