developing irules for big-ip
8 TopicsiRule to apply Dynamic Bandwidth Controller Policy depending on Client subnet
Hi all, We have a requirement to apply different Dynamic Bandwidth Controller Polcies depending on the client subnet. This needs to operate on both traffic from client and from server. I have an example which works for all Clients, but need to assign different limits based on client subnet. when CLIENT_ACCEPTED { set mycookie [IP::remote_addr]:[TCP::remote_port] BWC::policy attach dynamic_BC $mycookie } when SERVER_CONNECTED { set mycookie [IP::remote_addr]:[TCP::remote_port] BWC::policy attach dynamic_BC $mycookie } An example of what I wish to achieve: Client address is in 10.200.0.0/22 then 1MBit maximum upload/download enforced. Client address is in 10.204.0.0/22 then 10MBit maximum upload/download enforced. Thanks in advance! Steve334Views0likes1CommentReferencing flowEndSysUpTime (21) and flowStartSysUpTime (22) IPFIX Entities in iRule
I am trying to see if I can setup F5 to sent IPFIX data to Cisco Stealthwatch (Lancope). Two required IP Flow Information Export (IPFIX) Entities are flowEndSysUpTime (21) and flowStartSysUpTime (22). I have been following instructions from here to create the IPFIX template iRule. How do I reference relative timestamps in this iRule? IANA Documentation mentions that this is related to sysUpTime or systemInitTimeMilliseconds on the F5. I am guessing that I need to reference this at the beginning and end of flow, but I am not sure 100% how to do this. Thanks for your help.360Views0likes0CommentsIncrease TPS per host IP
Hi, Our team is asking me to increase TPS per host IP from 30 to 90. They provided me an irule which is currently serving. According to team, this irule is limited for 30 TPS per host IP and I need to find right value for "maxRate, timeout and related" Can someone please help me in the modification of this rule and also explain what this irule do (step by step)? it will be really very helpful. Thanks in advance when RULE_INIT { set static::maxRate 900 * 3 set static::windowSecs 1 set static::timeout 30 } when HTTP_REQUEST { if { [HTTP::method] eq "GET" } { set getCount [table key -count -subtable [IP::client_addr]] log local0. "getCount=$getCount" if { $getCount < $static::maxRate } { incr getCount 1 table set -subtable [IP::client_addr] $getCount "ignore" $static::timeout $static::windowSecs } else { log local0. "Exceeded the number of requests allowed. $getCount" HTTP::respond 501 content "Request blockedExceeded requests/sec limit." return } } }444Views0likes5CommentsiRule to redirect with an elseif statement
hi Dev's Want an iRule to detect the URL – http://xxsupplier.xx.com/supplierguide and re-direct it to https://xxsupplier.xx.com/supplier_guide.html But, if the user enters just http://xxsupplier.xx.com we want them to be redirected to the HTTPS VIP of the same name I have the following iRule, however it does not seem to execute the 2nd part. It WILL detect http://xxsupplier.xx.com/supplierguide and redirect to https://xxsupplier.xx.com/supplier_guide.html However if the user simply enters http://xxsupplier.xx.com the request in the browser will say ‘cannot connect” Thus, my conclusion is that the ‘elseif’ part of my iRule isn’t working. Any help greatly appreciated. There are VIPS defined on both 443 and 80 with the same IP address. when HTTP_REQUEST { set host [HTTP::host] if { [HTTP::host] equals "xxsupplier.xx.com" and [HTTP::uri] starts_with "/supplierguide" } { HTTP::redirect "; } elseif { [HTTP::host] } { HTTP::respond 302 Location "https://$host/" } }966Views0likes6CommentsiRule on GTM to allow a specific IP to a specific node
Hi, I am kinda new to iRules. The scenario is we have GTM and LTM configured on BIG-IP and I want to allow traffic from one particular public IP to one of the 4 available servers (when he hits the URL). Current scenario: GTM pool does a ratio Load Balancing to select DC1 or DC2 (2 datacenters) LTM pool does least connection load balancing to select one of the 2 physical servers. (Same configuration on both data centers so 2+2=4 servers in total). Persistence settings are also enabled. When I try to apply the following iRule on GTM, it throws an error: " Rule [/W_partition/test_g] error: /W_partition/test_g:3: error: [undefined procedure: node][node 10.1.1.1:443] " when DNS_REQUEST { if { [IP::addr [IP::client_addr] equals 100.1.1.1/24] } { node 10.1.1.1:443 } } I tried pool xxxx member xxxx but also no use. Should the iRule is applied on GTM and LTM or just GTM? Please help! Thanks in advance. Version: 11.6.0Solved498Views0likes3CommentsRestrict directory by IP
This first irule IP restriction works for "discard" but the second one does not do the redirect. Any help is appreciated. when HTTP_REQUEST { if { [string tolower [HTTP::uri]] starts_with "/hello" and ![IP::addr [IP::client_addr] equals 152.140.0.0/16] } { discard } } This does not work it gets a 404 when HTTP_REQUEST { if { [string tolower [HTTP::uri]] starts_with "/hello" and ![IP::addr [IP::client_addr] equals 152.140.0.0/16] } { HTTP::redirect "; } }243Views0likes1CommentF5 ASM - Client Session Record
Hello, I'm looking for a solution for recording users/clients who turn to my sites . For example , if a user turns my website I want to see what he was doing on the site and what links they click . I would like to see this as video recording . Is it possible?520Views0likes6Comments