asm
97 TopicsPriority group activation on GTM.
Hello All, I need to configure active standby configuration on GTM pool level, only one VS should be UP and second should be standby if one vs is down then traffic should pass to another VS and i can see there is one option Minimum-up Members but i do not know how to use it as a priority group activation on GTM level. If any one has any article or config suggestion please share. Many thanks in advanced for your time and consideration.30Views0likes1Commentcannot find Security -> Application Security: Headers: Cookie List
Hello F5 Community, My WAF trial VM runs on 17.1.1.4. I cannot find Security -> Application Security: Headers: Cookie List in the WAF. Is that feature removed or Located in new place. I searched over internet but I could not find a resolution. Security -> Application Security : Security Polices : Policy -> HTTP Message Protection -> Cookies Also empty.57Views0likes2CommentsASM Sync Between 2 Data Centers
Hi Folks, Any one tried to sync ASM configuration between 2 data centers successfully? my current scenario is, i have HA pair (active/passive) in data center A and another HA pair (active/passive) in data center B and need to sync the the ASM configuration between the 2 data centers.Solved172Views0likes14Commentsautomatic learning logs/report ?
Hello, My client has no other solution but to implement automatic learning for a new website where the owners won't help the team in understanding the application. On another side, security team wants to have information on what was changed and when by the automatic learning policy. I've come to article https://my.f5.com/manage/s/article/K58082590 that uses API to retrieve the list of learning suggestions for a given policy, but I'm not sure it will give me the information I need for automatic policy. Since suggestions that reach 100% are learned, I imagine the suggestion disappear as soon as 100% score is reached and the API will return nothing if the suggestion has already been learned. Is there a better way to get this report ? I'm ok with SIEM, syslog, API, or maybe an iCall ? To start with, I couldn't find the info in audit logs or in asm logs. some pieces of info are found in Webui : Security > application Security > audit > logs. But how to export this ?46Views0likes2CommentsASM API v16 - get list of SignatureOverride
Hello, My client would like a scheduled report on all the signatures used as exceptions in the policy items (let's say in parameters and URL object). I've figured that the info can be retrieved through API : https:///mgmt/tm/asm/policies//parameters/ I could have this kind of output where parameter1 has 2 signatures overrides, and parameter2 doesn't have any { "maximumLength": 200, "stagedSinceDatetime": "2024-10-16T13:33:54Z", "hostNameRepresentation": "domain-name", "dataType": "uri", "createdBy": "GUI", "sensitiveParameter": false, "parameterLocation": "any", "valueType": "user-input", "kind": "tm:asm:policies:parameters:parameterstate", "selfLink": "https://localhost/mgmt/tm/asm/policies/gK_P0j6j8NT8wUz2pORRRQ/parameters/SZehdfNxQfRzSeE_d2V5eA?ver=16.1.5", "inClassification": false, "urlReference": { "link": "https://localhost/mgmt/tm/asm/policies/gK_P0j6j8NT8wUz2pORRRQ/urls/OXujEJOZ7V0nU7Mgu2-Bzg?ver=16.1.5", "protocol": "https", "name": "/random-uri/path/", "method": "*", "type": "explicit" }, "checkMinValueLength": false, "isCookie": false, "mandatory": false, "id": "SZehdfNxQfRzSeE_d2V5eA", "allowEmptyValue": false, "checkMaxValueLength": true, "name": "parameter1", "lastUpdateMicros": 1.729085634e+15, "isReferenced": false, "isHeader": false, "attackSignaturesCheck": true, "level": "url", "allowRepeatedParameterName": true, "signatureOverrides": [{ "signatureReference": { "link": "https://localhost/mgmt/tm/asm/signatures/gJ3lZomuuxyJqa2InBac1w?ver=16.1.5", "isUserDefined": false, "name": "Unix/Linux \"date\" execution attempt (Parameter)", "signatureId": 200003085 }, "enabled": false }, { "signatureReference": { "link": "https://localhost/mgmt/tm/asm/signatures/YqXJ-_VkhoSiQ49IuaFmUA?ver=16.1.5", "isUserDefined": false, "name": "Unix/Linux \"time\" execution attempt (Parameter)", "signatureId": 200003155 }, "enabled": false } ], "type": "explicit", "performStaging": false } { "isBase64": false, "maximumLength": 120, "stagedSinceDatetime": "2024-11-20T09:17:03Z", "dataType": "alpha-numeric", "createdBy": "GUI", "sensitiveParameter": false, "parameterLocation": "any", "valueType": "user-input", "kind": "tm:asm:policies:parameters:parameterstate", "selfLink": "https://localhost/mgmt/tm/asm/policies/gK_P0j6j8NT8wUz2pORRRQ/parameters/iKZNHNqAGGVo_-csIuNBwQ?ver=16.1.5", "inClassification": false, "checkMinValueLength": false, "isCookie": false, "mandatory": false, "metacharsOnParameterValueCheck": true, "id": "iKZNHNqAGGVo_-csIuNBwQ", "allowEmptyValue": false, "checkMaxValueLength": true, "valueMetacharOverrides": [], "name": "parameter2", "lastUpdateMicros": 1.732094223e+15, "isReferenced": false, "isHeader": false, "parameterEnumValues": [], "attackSignaturesCheck": true, "level": "global", "allowRepeatedParameterName": false, "signatureOverrides": [], "type": "explicit", "performStaging": true, "enableRegularExpression": false } I would like to filter the query and only have the parameters with a non-empty list of SignatureOverride. I learnt that F5 API is relying on OData and that we can borrow some of its functions. I also need to consider that SignatureOverride field is an array. I tried this: $filter=signatureOverrides/any(s: s ne null) => but the any function doesn't seem to be available and I also tried this: $filter=signatureOverrides/$count ne 0 => same, the count command is not available either how can I work with OData filter on the signatureOverrides field ?2Views0likes0CommentsHigh CPU utilization (100%).
I observed high CPU utilization (100%) on F5 device, resource provision ASM nominal. I checked the client-side throughput and server-side throughput both are normal but found management interface throughput is very high and what i noticed this is happening in same time period for last 30 days. What could be the reason for this spike. Many thanks in advanced for your time and consideration.143Views0likes14CommentsHSTS is not working.
Hi there, We have one irule is configured on VIP which is redirecting to maintenance page if user access the wrong url on that page HSTS is not working but if we access the right url then HSTS is working. We have enabled HSTS in http profile and that is attached to the same VIP with irule. Is there any way to enable HSTS on maintenance page or any remediation to fix that issue. if { $DEBUG } { log local0. "TEST - Source IP address: [IP::client_addr]" } switch -glob $uri_ext { "/httpfoo*" {set uri_int [string map {"/httpfoo" "/adapter_plain"} $uri_ext]} "/httptest*" {set uri_int [string map {"/httptest" "/adapter_plain"} $uri_ext]} default { HTTP::respond 200 content [ifile get ifile_service_unavailable_html] set OK 0 } } Many thanks in advance.Solved105Views0likes1CommentMigration from physical Hardware to R series
I have a physical hardware box 4000s in which there are 4 X 1 gig interfaces in a trunk. In new r series device r4600 we have trunk with two 25 gig interfaces. Can I copy the UCS from old device and load it on the new device using no license no platform check command ? Anyone has done this type of migration, please let me know the steps you followed.53Views0likes3CommentsIrule for Host block with custom ASM violation
Dears, I have following scenarios, 1. if Traffic from Internal user/IP --- >Allow connection 2. Traffic from internet 2.1) Block access only on Host name ( URL ), That is -----> https://XYZ.com 2.2) Allow access to URI's, Thats is ------- > https://XYZ.com/abc or https://XYZ.com/* I tried multiple way and find some solution but its not working. Its great if some one helps here when HTTP_REQUEST { set reqBlock 0 if {[string tolower [HTTP::host]] eq "XYZ.Google.com" && [IP::addr [IP::client_addr] equals "10.0.0.0/8"]} { log local0. "[IP::client_addr] triggered geo" set reqBlock 1 } } when ASM_REQUEST_DONE { if {$reqBlock == 1} { ASM::raise VIOLATION_URL_GEOLOCATION } }52Views0likes1Comment