What is the meaning of 52% block in WAF
Dear All, Hope you are all doing well. In the last couple of days, when I checked the events, one piece of info caught my eye, which is request count 722 (52.3546% blocked). Most of the events show 100% blocked, but why is it not 100%? Can someone describe to me why it is not 100% and why it is 52.3546? Waiting for someone's reply.
4 Views, 0 likes, 0 Comments

rewrite Azure AD response for portal access via web portal
Hi All, I have a web portal where access to it is done via SAML authentication with AzureAD. I have a portal access called VIP_Maintenance configured on this web portal; the app VIP_Maintenance is a web site on this web server (mywebserver.xyz.com), which is also configured for SAML authentication. This web server hosts multiple web sites, so the one for VIP_Maintenance is (mywebserver.xyz.intra/azure). The other resource is /signin-wsfederation; this is where I should land after the successful authentication with Microsoft. So when I try to access the web portal using my user name and password, F5 sends the request to AzureAD and I receive a code on my cell phone, which I enter, and access is granted. Now when I click on the portal access icon (VIP_maintenance), the web portal rewrites the request to this:
https://web-portal-azuread.viarail.ca/f5-w-68747470733a2f2f7669706d6e74632e746573742e696e747261$$/azure
Then I see my browser communicating with Microsoftonline for authentication and I see the reply from AzureAD like this:
https://login.microsoftonline.com/007eae9f-b0c2-4137-a710-16d67a6568a1/wsfed?wtrealm=https%3A%2F%2Fvipmntc.test.intra%2F&wctx=WsFedOwinState%3DaQm7wom_iiDcspTp4F75-SNiAH6ulYFzgGdxezLukSK9-twIS0gTcgMY7dprTnf7OmROGo1XmkiLAbaVs4L8ISgubrF5FaUtbeIdn7ywnn0JvUYlwclAR1V3GwiWN9VkfNE5hThiW2bzM1tV1arZ6IahGZgjBiVVLSCn2BzTdFdu73Ck709An2sk1IVDfV-26FbvGHbUJyYjK-fnc5iiCw&wa=wsignin1.0&wreply=https%3A%2F%2Fvipmntc.test.intra%2Fsignin-wsfederation
Right after, the URL changes to this: https://mywebserver.xyz.intra/signin-wsfederation, and I get an error that this page cannot be reached, which is understood as mywebserver.xyz.intra is not exposed to the internet. Now, what I need to do is make F5 rewrite the response from Microsoft into this URL: https://web-portal-azuread.viarail.ca/f5-w-68747470733a2f2f7669706d6e74632e746573742e696e747261$$/signin-wsfederation, instead of https://mywebserver.xyz.intra/signin-wsfederation. Any idea how I can achieve that?
Your help is highly appreciated. Regards,
4 Views, 0 likes, 0 Comments

Portal Access to HTTPS resources slow
Hey all, Wanted to reach out to see if anyone has dealt with Portal Access and performance issues for resources in the backend that use HTTPS. I'm on version 15.x, recently upgraded to v15.1.10.3, and the issue persists. I also have the iRule to patch issues with Chrome 122+. On the client side, only HTTPS is permitted. If the backend app is allowed to use HTTP then it works well. But having backend traffic use HTTPS in some instances makes the app nearly unusable. And in the cases where the backend tries to enforce an http-to-https redirect, it effectively "blocks" the access. Trying to change a number of options has yielded little results. I do have a case open with F5 and captures provided. Thanks in advance... Josh Becigneul
31 Views, 0 likes, 2 Comments

GTM Packet Capture command
Hi All, I have started working on F5 GTM recently and am stuck with the tcpdump commands for it. Need help on tcpdump commands for wideip to check if the wideip is working correctly. Also, is there any step-by-step guide to check and troubleshoot wideip application issues?
33 Views, 0 likes, 2 Comments

Migration from i series 10200 with 1 child VCMP to r series 10900 series
Looking for a case study for migration from i series 10200 with 1 child VCMP to r series 10900 series. There is no document or data available for configuration conversion except one video on YouTube about the journey tool. If it is an official migration tool, why is there no article or documentation available on the F5 site, only a small article on GitHub? Can someone please help?
Solved, 1.4K Views, 1 like, 8 Comments

Citrix XenServer Big-IP Upgrade help
I am looking to upgrade our standalone BIG-IP on XenServer. Currently running 15.1.2.1. It looks like I can just upgrade to 17 based on K13845. I am stuck on exactly what file to download. I also read K51113020 on how to do the upgrade, but I am a little hesitant because it doesn't reference XenServer specifically. Looking at the files on the download page, I am not sure if I just pull an OVA file? The VM guy seems to think that is really for a new install, not an upgrade. I will take any tips, tricks or strategies to make this a simple upgrade. Thanks in advance. John
19 Views, 0 likes, 4 Comments

BIG-IP DNS iRule issue with static variable
I am trying to develop an iRule bypassing DNS processing when a DNS request matching a wide IP comes via a specific listener on our BIG-IP DNS. Code is below:

    when RULE_INIT {
        set static::ul_ip "10.X.Y.Z"
        set static::ul_debug true
    }
    when DNS_REQUEST priority 100 {
        if { [IP::addr [IP::local_addr]/32 equals $static::ul_ip] } {
            DNS::disable all
            #apparently event disable is no longer accepted?
            #event disable
            # test the flag's value directly; [$static::ul_debug] would run "true" as a command
            if { $static::ul_debug } {
                log local0. "DNS Request [DNS::question name] triggered bypass"
            }
        }
    }

This rule is meant to be applied to specific wide IPs (for reasons). When this rule is applied and tested, I am seeing the message below in /var/log/gtm:

    Apr 30 12:06:37 somebigipdns.nope.com err slot1 tmm[18454]: 011a7001:3: TCL error: Rule /Common/ul-bypass-rule <DNS_REQUEST> - can't read "static::ul_ip": no such variable while executing "IP::addr [IP::local_addr]/32 equals $static::ul_ip"

I'm completely unclear on why the TCL error is occurring. For bonus points, any idea why 'event disable' isn't working in the DNS_REQUEST event? This message shows up in /var/log/ltm unless 'event disable' is commented out:

    Apr 30 11:11:27 somebigipdns.nope.com err slot1 mcpd[6981]: 01070151:3: Rule [/Common/ul-bypass-rule] error: /Common/ul-bypass-rule:23: error: [undefined procedure: event][event disable]

Thanks in advance for any assistance provided. - R
36 Views, 0 likes, 3 Comments

F5 ASM logging profile to specify source IP
Dears, would it be possible to add the specific partition self IP address to use the ASM logging profile as source IP? I have configured the logging profile, but the traffic is originated from the management interface IP instead of the specific partition self IP. I have created a static route for the syslog server towards the Self IP of the partition, but still no luck. Is there any way to achieve
24 Views, 0 likes, 1 Comment