Deleting an AS3 Tenant
Wanted to share the below method for deleting AS3 tenant's as it wasn't documented . You can use the HTTP delete method; but if an admin misses the tenant name after /declare/ it would wipe out all tenants! If you POST the below body to the 'https://{{bigip_mgmt}}/mgmt/shared/appsvcs/declare'; as its a blank declaration; AS3 will remove your partition / tenant. . { "class": "AS3", "action": "deploy", "declaration": { "class": "ADC", "schemaVersion": "3.1.0", "id": "tenant_name", "label": "tenant_name_via_AS3", "remark": "tenant_name_via_AS3", "CHANGE-ME-TO-TENANT-NAME": { "class": "Tenant" } } }
Adding logging to APM per-request policy without SWG license
bigip working as web proxy using APM per-request policy. All that it utilizes is custom user category for allowed fqdn/uri. Nothing fancy. URL filtering works without SWG licen$e. Client still sees APM block screen and allowed to go to destination that are in custom user category. But, you will not see url request log. I have tried adding an logging agent to the per-request policy with following code; An HTTPS request was made to this host %{perflow.category_lookup.result.hostname}; the per-request policy set SSL bypass to %{perflow.ssl_bypass_set}. but, nothing in the log. Looks like without SWG license APM logging won't be possible. I have tried adding irule event; but, I am NOT having luck. Not seeing hit for ACCESS_POLICY_AGENT_EVENT. I see ACCESS_PER_REQUEST_AGENT_EVENT stat is incrementing. But, nothing in the ltm log. Is that because of licen$e or I'm doing something wrong? when ACCESS_POLICY_AGENT_EVENT { set session_id [ACCESS::session data get "session.id"] if {[ACCESS::policy agent_id] eq "logAllow_iRule" } { set client_ip [IP::client_addr] set requested_uri [HTTP::uri] log local0. "ALLOW: APM Session: $session_id, Client IP: $client_ip, Requested URI: $requested_uri" } elseif {[ACCESS::policy agent_id] eq "logReject_iRule" } { set client_ip [IP::client_addr] set requested_uri [HTTP::uri] log local0. "REJECT: APM Session: $session_id, Client IP: $client_ip, Requested URI: $requested_uri" } else { log local0. "APM Session ID: $session_id" } } when ACCESS_PER_REQUEST_AGENT_EVENT { set session_id [ACCESS::session data get "session.id"] ACCESS::log accesscontrol.notice "ACCESS_PER_REQUEST_AGENT_EVENT: [ACCESS::perflow get perflow.irule_agent_id]" log local0. "APM Session ID: $session_id" }
Same LTM Monitor applied to different Pools with Common Nodes
We have a several nodes that are used multiple pools and each of the Pools has the same monitor associated with them. My question is will each node be monitored separately for each pool even though the monitor is the same? We are going through some clean up and trying to validate that the monitoring in place is not causing more traffic than needed. We have also started to alert on when a node fails monitor and have started to notice that they are failing not due to a bad response but due to no response. Thanks in advance, Joe
irule execution error
I am receiving an irule execution error on multiple assigned virtual servers (visible in the pcap file). How can I determine which irule this error belongs to? Additionally, for this service When the same endpoint is called repeatedly, the request succeeds several times (usually between 5 and 10), then an error occurs and all subsequent requests fail with the same error. What could be the reason for this? Is it related to an irule error?
getting compiling error when enabling Nginx App_potect
i m trying to install NGinx plus with App_ptotect but when trying to enable app_protect module after installing it i get the following error nginx: [emerg] APP_PROTECT config_set_id 1752649466-871-149162 not found within 45 seconds nginx: [emerg] APP_PROTECT fstat() "/opt/app_protect/config/compile_error_msg.json" failed (2: No such file or directory) and i can not start the nginx service, any idea about the issue?How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?
Hi everyone, I’m running BIG-IP VE with LTM + Advanced WAF (ASM) and I’m planning a license upgrade (e.g., 200 Mbps to 1 Gbps). Before upgrading, I want to measure the real WAF throughput on the currently running VM, ideally: Per virtual server (VIP) And, if possible, per ASM/AWAF security policy Questions: 1- Is there a supported way to get throughput (Mbps/Gbps) per ASM/AWAF security policy (not just per VIP), either from GUI, tmsh? 2- If per-policy throughput isn’t available, is VIP throughput the recommended proxy for WAF throughput (since the policy is attached to that VIP)? 3- For sizing/licensing discussions, should throughput be considered request-only or request + response (bidirectional)
