F5 BigIp cluster active/stanby in Azure, failover very slow
Hello, I'm contacting you because I need to configure a F5 BigIp cluster in active/stanby in Azure, and I'm encountering a problem with failover. My infrastructure and part of the configuration looks like this: With the mentioned iRules, the failover goes fine. My problem is that it's dramatically slow (between 30 seconds and 3 minutes for the ALB to realize the failover). Do you know a way of minimizing this delay? Thanks in advance for your help.
vlan associated with 2 selfIP on different subnets
Hello everyone, I have an BigIP LTM Cluster deployed on Cloud Azure, and I would like to know if it is possible to associate a new selfip (e.g. 10.20.1.1/24) to a vlan that has already associated a selfip of a different subnet (e.g. 10.10.1.1/24) Thank you
Is it possible to create a Single Pool with multiple ports ?
Am getting this error when i try to create a Pool with Any service ports 01070622:3: The monitor /Common/tcp has a wildcard destination service and cannot be associated with a node that has a zero service is there anyway we can create single pool which supports multiple ports ? we have the requirements for using more that 50 ports , and in the VIP config we can create a single vip with add the required ports from port list. How we can accomplish this Or creating a multiple pools and VIP's with different ports is the only option . Any help would be appreciated .Thanks in advance
Bypass certificate prompt if URI contains a specific word
The customer has requested that when traffic arriving with a specific word in the URI then need to disable the prompt for a certificate. https://www.example.com <--Prompt for certificate https://www.example.com/api <--Do not prompt for a certificate. I looked at comments about iRules, but I think APM will work better. I am not that well versed on APM, except for some basic configurations that I have found through F5/Dev Central. any suggestions or pointers are appreciated.
F5 rules for AWS WAF
Hi, We are experiencing false positives with the WAF rule rule_ZmEu_Headers, part of the F5-Bots_Managed ruleset protecting our backend. Issue details: - Legitimate requests from our customers are being blocked with HTTP 403 Forbidden errors. -The blocked requests include the standard AWS session stickiness cookies AWSALB and AWSALBCORS. - These cookies contain values that coincidentally include the substring "ZMEU", which appears to be causing the rule to trigger incorrectly. - We suspect the rule performs a basic substring match on header values leading to false positives. - The requests otherwise come from valid user agents and normal browser traffic. - This issue is impacting business operations and requires urgent attention. Request: - Please clarify the detection logic behind rule_ZmEu_Headers. - Can the rule be tuned or exceptions created to avoid false positives caused by cookies? - Is there a recommended best practice to exclude legitimate session cookies like AWSALB from this check? - We would appreciate guidance on mitigating this issue without disabling the entire bot protection ruleset. Please check the attached log for an example block. Thanks.
