application delivery
39839 Topics

iRule for public IP access to specific section of my URL
I will need someone to validate this iRule for me, pls.

Request: allow only a public IP or subnet access to a section of my URL: https://xxx.xxx.com/xxx/*

Many recommendations welcome.

After adding the ALLOW_x.x.x.x on Data Group List:

```tcl
when HTTP_REQUEST {
    if { [HTTP::uri] eq "https://xxx.xxx.com/xxx/*" } {
        if { ![class match [IP::client_addr] equals ALLOW_x.x.x.x] } {
            HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close
            TCP::close
        }
    }
}
```

9 Views, 0 likes, 0 Comments

F5 iRule Proxy Protocol
Hello, I have this iRule:

```tcl
when CLIENT_ACCEPTED {
    set proxyheader "PROXY TCP[IP::version] [IP::remote_addr] [IP::local_addr] [TCP::remote_port] [TCP::local_port]\r\n"
}
when SERVER_CONNECTED {
    TCP::respond $proxyheader
}
```

So, what I want to do now is, this iRule should not trigger for a specific host or URL. The virtual server with this assigned iRule has an LTM policy because it is one virtual server for different hosts, and the policy sends the traffic to the correct pool. So what could I do to exclude a specific URL or host from this iRule? Maybe I could get an example iRule.

Kind regards

20 Views, 0 likes, 0 Comments

unable to question about getting hsl data to be formatted properly in splunk
We're using the following i-rule to craft the data for sending it to the Splunk server:

```tcl
when CLIENT_ACCEPTED {
    set client_address [IP::client_addr]
    set vip [IP::local_addr]
}
when HTTP_REQUEST {
    set http_host [HTTP::host]:[TCP::local_port]
    set http_uri [HTTP::uri]
    set http_url $http_host$http_uri
    set http_method [HTTP::method]
    set http_version [HTTP::version]
    set http_user_agent [HTTP::header "User-Agent"]
    set http_content_type [HTTP::header "Content-Type"]
    set http_referrer [HTTP::header "Referer"]
    set tcp_start_time [clock clicks -milliseconds]
    set req_start_time [clock format [clock seconds] -format "%Y/%m/%d %H:%M:%S"]
    set cookie [HTTP::cookie names]
    set user [HTTP::username]
    set virtual_server [LB::server]
    if { [HTTP::header Content-Length] > 0 } then {
        set req_length [HTTP::header "Content-Length"]
    } else {
        set req_length 0
    }
}
when HTTP_RESPONSE {
    set res_start_time [clock format [clock seconds] -format "%Y/%m/%d %H:%M:%S"]
    set node [IP::server_addr]
    set node_port [TCP::server_port]
    set http_status [HTTP::status]
    set req_elapsed_time [expr {[clock clicks -milliseconds] - $tcp_start_time}]
    if { [HTTP::header Content-Length] > 0 } then {
        set res_length [HTTP::header "Content-Length"]
    } else {
        set res_length 0
    }
    set hsl [HSL::open -proto UDP -pool splunk_hsl_pool]
    HSL::send $hsl "<190>,f5_irule=Splunk-iRule-HTTP,src_ip=$client_address,vip=$vip,http_method=$http_method,http_host=$http_host,http_uri=$http_uri,http_url=$http_url,http_version=$http_version,http_user_agent=\"$http_user_agent\",http_content_type=$http_content_type,http_referrer=\"$http_referrer\",req_start_time=$req_start_time,cookie=\"$cookie\",user=$user,virtual_server=\"$virtual_server\",bytes_in=$req_length,res_start_time=$res_start_time,node=$node,node_port=$node_port,http_status=$http_status,req_elapsed_time=$req_elapsed_time,bytes_out=$res_length\r\n"
}
when LB_FAILED {
    log local0. "f5_irule=Splunk-iRule-LB_FAILED,src_ip=$client_address,vip=$vip,http_method=$http_method,http_host=$http_host,http_uri=$http_uri,http_url=$http_url,http_version=$http_version,http_user_agent=\"$http_user_agent\",http_content_type=$http_content_type,http_referrer=\"$http_referrer\",req_start_time=$req_start_time,cookie=\"$cookie\",user=$user,virtual_server=\"$virtual_server\",bytes_in=$req_length"
}
```

We tested it by first sending the data locally and it's getting formatted OK, as per the following:

```
Dec 11 15:45:10 10.192.156.163 context_name="/Common/fwd_vs",dest_ip="192.168.36.45",dest_port="80",device_product="Advanced Firewall Module",device_vendor="F5",device_version="12.1.0.0.0.1690",errdefs_msgno="23003161", errdefs_msg_name="Firewall NAT",event_name="Session Start",ip_protocol="TCP",duration="",severity="7",route_domain="0",source_ip="10.10.10.168",source_port="33868",timestamp="Dec 11 2015 09:23:01",translated_dest_ip="192.168.36.45",translated_dest_port="80",translated_route_domain="0", translated_source_ip="10.192.156.163",translated_source_port="33868"
```

However, when we're sending it to the Splunk server, it's not interpreting the variables, just sending the text. For instance, the $client_address variable comes out as $client_address, not the value inside it. Has anyone come across an issue like this and could shed the light on it? Thanks.

15 Views, 0 likes, 0 Comments

question about getting hsl data to be formatted properly in splunk
I posted a similar question about 2 weeks ago and I am still not able to get the data that I send to splunk to have the proper json format. Has anyone either configured their own log pool, log destination and log published or used the f5 supported iapps template f5 analytics version to send log data to splunk? I will include my HSL::open and HSL::send commands and my log command as well as a screen print with the problem we are trying to solve.

What I have been told is that the red color in splunk is the key and the light blue is the value. When I just use the log statement everything is formatted correctly in splunk. When I use the HSL::send command everything I send becomes the key and then the value is something called hostname which is not usable. I have the need to send massive amounts of data to splunk so it is prohibitive to use the log command and put all this data also on local disk.

```tcl
set hsl [HSL::open -proto TCP -pool analytics-iapp-hec-forwarder-tcp-log-stage0]
HSL::send $hsl "<190>,hsl test,f5_irule=hsl_splunk_logging_new,client_ip=$client, client_port=$client_port, vip_ip=$vip, vip_port=$vip_local_port, snat_ip=$self_ip,snat_port=$self_ip_local_port,remote_ip=$node,remote_port=$node_server_port "
log local0.info "hsltest Event=CLIENT_CLOSED protocol=tcp hsl=$hsl client_ip= $client client_port= $client_port vip_ip= $vip vip_port= $vip_local_port snat_ip= $self_ip snat_port= $self_ip_local_port remote_ip= $node remote_port= $node_server_port "
```

![Image Text](/Portals/0/Users/210/54/185554/2018.06.11.sample.hsl.and.syslog.PNG?ver=2018-06-13-082447-437)

494 Views, 0 likes, 7 Comments

iRule for client certificate verification and inserting CN
Hi dears,

I am trying to write an irule for the below conditions.

Need to verify the client certificate available and valid, otherwise 401 response for unauthorized clients, because this does not show 401 or any relevant messages on the browser for failed authentication.

Also need to add the CN from the client certificate as http header to backend server.

```tcl
when CLIENTSSL_CLIENTCERT {
    # Check if the client certificate was provided and valid
    if { [SSL::cert count] == 0 || [SSL::verify_result] != 0 } {
        # Set a flag to trigger the redirect for a failed certificate
        set client_cert_failed 1
    } else {
        # Extract the Common Name (CN) from the client certificate
        set client_cert_cn [X509::subject [SSL::cert 0]]
        # Clear the flag as the certificate is valid
        unset client_cert_failed
    }
}
when HTTP_REQUEST {
    # Check if the client certificate validation failed
    if { [info exists client_cert_failed] && $client_cert_failed == 1 } {
        # Send a 401 Unauthorized response
        HTTP::respond 401 content "Unauthorized: Client Certificate Required" Content-Type "text/plain"
        return
    }
    # Add the CN from the client certificate as a header if it exists
    if { [info exists client_cert_cn] } {
        HTTP::header insert X-Client-Cert-CN $client_cert_cn
    }
}
```

But this does not have any hits when I apply to VS, any suggestion or how you overcome this requirement will be helpful.

41 Views, 0 likes, 1 Comment

Very Dark Black Screen Issue After Logging into BIG-IP Web GUI
Hi everyone,

Very Dark Black screen appears when I try to access the BIG-IP Web GUI. The login page loads fine, but after logging in, the screen stays blank, and no interface elements are displayed. I have tried using different browsers and cleared the cache, but the issue persists. Has anyone experienced this or knows how to resolve it? Any help would be greatly appreciated. Thank you!

8 Views, 0 likes, 0 Comments

Should config via cli rather than gui?
hi, someone advised to better config big-ip via cli rather than gui, and for HA cluster, should config on standby unit rather than active unit. Are these advices correct? if yes, why need to do so? can anyone please advise, thanks in advance!

Solved

117 Views, 0 likes, 5 Comments