Configure syslog server in F5 with an irule to see actual internet IP in syslog server
Hi, we are using Big IP 3900 version 10.2 , We had network topolgy in this way that we need to enable SNAT as AutoMap , For this reason we are not been able to see the actual Internet IP / Client IP , in the servers . We want configure an irule in such a way that it will log the actual Internet/Client IP and send it to the syslog server . For that should we need to configure syslog server in F5 , or it can be configured or forward through irule itself. Our mail Aim is to see only the Actual Internet/Client IP. Please help Thanks in Advance for the help
"ASN1_CHECK_TLEN:wrong tag" when importing a PEM certificate
Hi all i'm having an issue on importing a certificate into the F5. When i import the certificate, i'm having this error message: "Import Failed: Open SSL error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag The certificate file began by: ---BEGIN CERTIFICATE--------------------- Proc-Type: 4, ENCRYPTED DEK-Info: DES-EDE3-CBC,F488.... (And here the certificate code) -----------END CERTFICATE------ Do i need to do somethink with open ssl befor importing the file? How can i do to import it? Thanks in advance for your help.
iRule to change host headers.
Hi guys, first time on DC so apologies in advance if I'm doing something wrong. Please can you help with an issue I have. We have a website that is hosted externally on a server which hosts multiple websites. There is a requirement to SSL enable the communication to our website on this particular server. The web server hosting these multiple sites performs SSL but can't host a certificate for our website/domain. We're therefore changing the access model for this site so that the we perform Client SSL and Server SSL on the BIG-IP obviously hosting the cert for our domain on the BIG-IP. However, it looks like there is an issue when the BIG-IP sends the request to the server, in that, the server sends a reset. For example, hosted site of https://www.hosted.com/aon.asp. However, we want clients to reach https://www.mybigip.com, which would (as per the name) resolve to the VIP on our BIG-IP which would in turn load-balance to the IP of the hosted dom. I imagine we'll need to modify host headers using an iRule to when the HTTP request is made, but I'm not sure if I'll need to change the host headers on the way back in the HTTP response. Any help greatly appreciated. cheers, Steve.
When to use HTTP::uri vs HTTP::path, contains vs matches
When should I be using the HTTP::uri versus the HTTP::path in an iRule? Second part of the question is should I be using a "contains" or "matches" for the following... Sample uri, http://www.test.com/dir/page.php?=data when HTTP_REQUEST { if { [HTTP::uri] contains "php" } { pool php_pool } } when HTTP_REQUEST { if { [HTTP::path] contains ".php" } { pool php_pool } } If I want to do pool selection based on the content type, in this case it's a php, which would be the least cpu expensive route? Since the URI may not end with "php" would this need to be a contains or is there another method that is recommended? Thanks in advance!
Can I use irule to change uri based on selected pool member ?
Hello, I have 4 nodes as pool members 192.168.9.179,192.168.9.180,192.168.9.181,192.168.9.182 and 1 Virtual Server 192.168.9.199 When client use the application, URL for this application is http://192.168.9.199/report/report.php?param=vserver Then F5 will load balance this traffic to 4 pool members in Round Robin algorithm. The question is : after load balancing, this HTTP request have to change it's URI depend on selected pool member if go to pool member 192.168.9.179, the uri have to change to http://192.168.9.179/report/report.php?param=server1 if go to pool member 192.168.9.180, the uri have to change to http://192.168.9.180/report/report.php?param=server2 if go to pool member 192.168.9.181, the uri have to change to http://192.168.9.181/report/report.php?param=server3 if go to pool member 192.168.9.182, the uri have to change to http://192.168.9.182/report/report.php?param=server4 How can I use irule to match this requirement ? Thanks,
How to Configure Cookie Sticky configurations
I am new to F5. We have a requirement to configure Cookie sticky session. I believe i need to create "persistence" profile and configure Coockie methods but i am not sure what needs to be done... does anyone in this group know how i can use the GUI to configure this? thanks.
SSL over port 8080
I have a web server that has two sites running on it. One on port 80, and the other on port 8080. I have a 3 virtual servers created on the F5. One for port 80, one for port 8080, and another for 443. On the one for port 80, I have an iRule attached, so when somebody types in http://servername.domain.com it redirects it automatically to https://servername.domain.com It works quite well. I need to get SSL working for the one on port 8080, and can't seem to figure it out. I tried using my originally iRule that just does a redirect to https: like I have for the site on port 80, and it didn't work. I created a 2nd iRule and just manually typed in the URL I wanted it to direct it to instead of the host value (https://servername.domain.com:8080)which didn't work either. I can't seem to get the site running on port 8080 to work with SSL. Any hints? Just using the standard iRules for http to https redirects: when HTTP_REQUEST { HTTP::redirect https://[HTTP::host] } Also tried: when HTTP_REQUEST { HTTP::redirect https://servername.domain.com:8080 }
Inserting SSL client certificate into the header of the HTTP session
Hello group, I do not have much experience in creating iRules and I need to set an iRule to an https virtual server type with client certificate authentication. The iRule should do the following: 1 .- Insert the entire client certificate (in PEM format) as a Multiline HTTP header named X-Client-Cert into the incoming HTTP request and send this header to the backend server. 2 .- Insert the original ip address of the client into a HTTP header named X-Forwarder-For and send this header to the backend server. I need this because I must use auto map SNAT Pool feature in the implied virtual servers. It is possible to do all this in only one iRule? Thanks you. Miguel Angel.how to do HTTP header replace with iRule
Hey guys, well, the client wants to use special string to replace the http response header's host string. could you help me to check the following iRule or correct it when HTTP_RESPONSE { set newhost "www.xyz.com" if { [HTTP::header host] eq "www.abc.com" } { HTTP::header replace host $newhost } } thanks!