Trying to change HTTP header User agent
Hi everyone! I am trying to log the http:header user-agent to a variable using an iRule. I am trying to log exactly what broswer the client is using:(IE, FF, Chrome). Right now, the log shows: "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" Here is what I have so far. when HTTP_REQUEST { if {[HTTP::header "User-Agent"] contains "Firefox"} then { set user_agent "Firefox" } elseif {[HTTP::header "User-Agent"] contains "Chrome"} then { set user_agent "Chrome" } else { set user_agent "IE" log local0. "User Agent is: $user_agent" } } but the logs shows the same output. Any help would be great! Thanks everyone!Serving or browsing iFiles
Problem this snippet solves: Browse iFiles from internal IPs, serve the files externally by name. How to use this snippet: Create DNS name like ifile-*.example.org and point to a vip. Add iRule to a vip. before other events. Code : # rule_ifile-star # This file allows browsing iFile content in a web browser # add the rule to shared-* and add dns alias to shared-* for any F5 # Tim Riker <Tim@Rikers.org> when HTTP_REQUEST { switch -glob -- [HTTP::host] { "ifile-*" { set uri [HTTP::uri] set contenttype "text/html; charset=utf-8" switch -- [getfield $uri . 2] { js { set contenttype "application/javascript; charset=utf-8" } png { set contenttype "image/png" } svg { set contenttype "image/svg+xml" } } # format '%s' work around for F5 ifile get bug 913385 if { [catch { HTTP::respond 200 content [ifile get [format "%s" $uri]] Content-Type $contenttype Connection close} ] } { if { ([class match -- [IP::client_addr] equals private_net]) } { # browse only from private_net set response "<!DOCTYPE html><html lang=\"en\"><head><title>[HTTP::host]</title>" append response "<script src=\"//code.jquery.com/jquery-3.3.1.js\"></script>\n" append response "<script src=\"//cdn.datatables.net/1.10.19/js/jquery.dataTables.min.js\"></script>\n" append response "<script>\$(document).ready(function() {\$('#ifiles').DataTable();} );</script>\n" append response "<link rel=\"stylesheet\" type=\"text/css\" href=\"//cdn.datatables.net/1.10.19/css/jquery.dataTables.min.css\">" append response "</head><body><h1>[HTTP::host]</h1>" append response "<p>[virtual name]</p>" append response "<table id='ifiles'><thead><tr><th>file</th><th>size</th><th>who</th><th>date</th><th>ver</th></tr></thead><tbody>\n" foreach {ifile} [ifile listall] { append response "<tr><td><a href=\"$ifile\">$ifile</a></td>" append response "<td>[ifile size $ifile]</td>" append response "<td>[ifile last_updated_by $ifile]</td>" append response "<td>[clock format [ifile last_update_time $ifile] -format "%Y-%m-%d %H:%M:%S"]</td>" append response "<td>[ifile revision $ifile]</td>" append response "</tr>\n" } append response "</tbody></table></body>" HTTP::respond 200 content $response "Content-Type" "text/html; charset=utf-8" Connection close } else { set error_page [string map [list TITLE "Not Found" ERRORURI "[URI::encode "https://[HTTP::host][HTTP::uri]"]" TEXT "Not Found"] [ifile get "/Common/error.html"]] HTTP::respond 404 content $error_page "Content-Type" "text/html; charset=utf-8" Connection close } } event disable return } } } Tested this on version: 15.1
Can't pass 'Browser Add-On' validation
Hi, I've got installed Big IP Client Build/API version: 7113,2018,906,151 As of this week, when I try to 'Connect' to the VPN I am greeted with the following message: "Installation of browser add-on has failed, or security settings of your browser do not allow browser add-ons. Continue without browser add-ons." When I click on Continue without browser add-ons, I am then prompted to a message "Please update your Anti-virus Definitions as they appear to be out of date. Please update them and re-try and for further assistance please contact the IT Service Desk on XXXXXXXX quoting Error Code 30." Now, I believe the Anti-Virus message is not relevant as I have updated the definitions as I would normally do. I feel the real issue is the installation of browser add-on that is failing. If I try to go to my remote.domain.com then the browser tries to download a plugin but it won't work either. Not sure what to do while i wait for IT support of my organisation to help out. Any hint, or anything I could do at my end would be appreciated. Regards Alejandro
SEC7111 HTTP Security Compromised Generated by a JavaScript.
Hey everyone! I just ran into an issue that I haven't seen before. Let me give you some background: We have a backend web application running only on port 80 and publish this through a standard HTTPS virtual server using only a Client SSL Profile. We have also a HTTP to HTTPS VS to make sure we access the site over HTTPS. Everything is working great except for a specific function on the site. The application is used to handle internal billing and once you are done with entering your details, you can print a report. When working correctly, this should open up the report as a PDF file in a new window. This is when things go south. Apparently there is a JavaScript that helps creating this PDF file. First we get the "Internet Explorer is not showing all of the content". When accepting that we get nothing. When checking the debugging you find this: The JavaScript is generating a URL of http:// when we have an active session running on https:// and security is being jeopardized. When going to the exact URL that reports the error but changing it to https:// it works straight away. So I know what the problem is but I have no idea how to fix it. Long term would be to turn on HTTPS on the back-end server but that will take some time and we need a fix for this quite fast since they cannot print out these reports if they are not in the local office, connecting to the server directly. I tried searching through the JavaScript to see if I can find where it actually uses http:// and just using a Stream Profile change it but I have not found anything. I also tried to add a Stream Profile changing Source: http://[URL] to Target: https://[URL] but that bricked the site. Since the problem is the JavaScript, the browser won't even send the request to the F5. If it were to send the request to the F5 it would hit the iRule and get redirected to HTTPS. Do you guys have any idea?
Browser Cookie Support Required iRule Using Modernizr
Problem this snippet solves: Validates (using JavaScript) that the client browser supports cookies before continuing. It's a good idea to back up the Modernizr script libraries and store them locally in case something happens to them. There is an exception for OPTIONS HTTP requests. This was a requirement in our environment, because there was an inbound application that could not accept cookies. The saving grace is that they told me they were using OPTIONS instead of GET, so I was able to create an exception to bypass the iRule. You'll want to keep this in mind in case you run into similar scenarios. Feedback or suggestions are welcome. How to use this snippet: The iRule MUST be in last position of order. For some reason it doesn't work otherwise. This site was damaging the code. You can download it as txt.zip or retrieve it from my first comment. Shoutout to my webdev coworker for supplying the JavaScript portion, which I tweaked a bit and added the alert to. "If only there was some way to force the client to reload the page," I mused. Doh! Code : 69783 Tested this on version: 11.5
Sharepoint 2013 and browser logout issue
We are using BIGIP LTM & APM 11.6.1 and have set up a Virtual server for our Sharepoint 2013 farm. The issue that we are experiencing is that if the user is using the Chrome browser, no matter whether they select "Sign Out" or just close the browser, their session stays open and the next person to visit that site is logged in with the previous users credentials. Many of our users will be logging onto this Sharepoint site from public computers so this is a huge security risk. Has anyone found a good solution to this problem that still allows users to edit documents on the site using Microsoft Word or Excel.
Ask the Expert – Why Web Fraud Protection?
Corey Marshall, Security Solution Architect, explains why the browser is a new threat vector into an organization’s applications and infrastructure. This universal client can be the weakest link in the access chain and malicious characters are focusing on this as an avenue to steal information. Web fraud can be detrimental to both users and organizations alike and Corey explains some specific business scenarios along with F5 fraud protection services that can provide visibility into behavior anomalies and protect the client side against data leakage. ps Related: Ask the Expert – Are WAFs Dead? Ask the Expert – Why SSL Everywhere? F5 Web Fraud Protection Technorati Tags: f5,web fraud,security,browser,threats,privacy,silva,video Connect with Peter: Connect with F5:Security Sidebar: I Can See Your Browsing History
Is there any expectation of browsing privacy on the Internet any more? Well, there shouldn't be. A few years ago, Internet browsers were widely known to have vulnerabilities that allowed websites the ability to search a user's browsing history. Websites could use a combination of JavaScript and Cascading Style Sheet (CSS) features to figure out what websites you visited. In 2010, researchers at the University of California at San Diego found that several pornographic sites would search a user's browser history to see if the user had visited other pornographic sites. But it wasn't just the porn industry viewing user habits. These same researchers found several news sites, finance sites, and sports sites doing the same thing. Over time, browser security updates were supposed to have fixed these vulnerabilities...and they did for a while. But recently, security researchers have uncovered new vulnerabilities that allow this behavior once again. There's a new attack that uses the requestAnimationFrame function to determine how long it takes a browser to render a webpage. Simply stated, if the page renders quickly, the user has probably visited it before. You get the idea. There are ways to work around these browser history vulnerabilities. The primary workaround is to make sure you never have any browser history. You can clear all your history when you close your browser (in fact, you can do this automatically on most browsers). While this might keep someone from knowing your browsing history, it can also prove to be very inconvenient. After all, if you clear your history...well, you lose your history. Let's be honest, it's nice to have your browser remember the sites you've visited. What a pain to reestablish your user identity on all the websites you like to hit, right? So why is your browsing history so interesting? Many companies want to target you with ads and other marketing initiatives based on your browsing habits. They also want to sell your browsing habits to other interested parties. I could also talk about how the government might use this information to spy on help you, but I'll refrain for now. Allan Friedman, a research scientist at George Washington University, recently said that websites are very likely searching your browser history to determine the selling price for a particular item. They might offer you a better deal if they find that you've been shopping their competitors for the same item. Likewise, they might charge more if they find nothing related to said purchase in your browser history. Justin Brookman, a director at the Center for Democracy and Technology, echoed this sentiment when he said browsing history could come at a cost. For example, if you have been shopping on a high-end retail site, you will likely see advertisements for higher priced businesses displayed on your browser. Another way this could affect your daily life is in the area of smartphone geolocation. Your smartphone will broadcast location information every few seconds, and businesses can use this information to send marketing emails (coupons, daily deals, etc) when they know you are close by. Currently, there is no federal law that prohibits this behavior. As long as businesses aren't lying about what they are doing, it's perfectly legal. Don't be surprised when you conveniently get a "check out our great deals" email from the store you just passed by. Ours is a really cool, technology-filled world...and it's kind of scary at the same time.
