devops
21538 Topics

Let's Encrypt with Cloudflare DNS and F5 REST API
Hi all,

This is a follow-up on the now very old Let's Encrypt on a Big-IP article. It has served me, and others, well but is kind of locked to a specific environment and doesn't scale well. I have been going around it for some time but couldn't find the courage (aka time) to get started. However, due to some changes to my DNS provider (they were acquired and shut down) I finally took the plunge and moved my domains to a provider with an API, and that gave me the opportunity to make a more nimble solution.

To make things simple I chose Cloudflare, as the community proliferation is enormous and it is easy to find examples and tools. I think, though, that choosing another provider with an open API isn't such a big deal. After playing around with different tools I realized that I didn't need them, as it ended up being much easier to just use curl. So, if the other providers have just a somewhat close resemblance, it shouldn't be such a big task converting the scripts to fit.

There might be finer and more advanced solutions out there, but my goal was that I needed a solution that had as few dependencies as possible, and if I could make that only Bash and Curl it would be perfect. And that is what I ended up with 😎 Just put 5 files in the same directory, adjust the config to your environment, and BAM you're good to go!!😻 And if you need to run it somewhere else, just copy the directory over and continue like nothing was changed. That is what I call portability 😁

Find all the details here: Let's Encrypt with Cloudflare DNS and F5 REST API

Please just drop me a line if you have any questions or feedback or find any bugs.
2.3K Views, 1 like, 8 Comments

iRule for public IP access to specific section of my URL
I will need someone to validate this iRule for me, please.
Request: allow only a public IP or subnet access to a section of my URL: https://xxx.xxx.com/xxx/*
Many recommendations welcome.
After adding the ALLOW_x.x.x.x on Data Group List:

    when HTTP_REQUEST {
        if {[HTTP::uri] eq "https://xxx.xxx.com/xxx/*"} {
            if {![class match [IP::client_addr] equals ALLOW_x.x.x.x]} {
                HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close
                TCP::close
            }
        }
    }

39 Views, 0 likes, 2 Comments

F5 iRule Proxy Protocol
Hello, I have this iRule:

    when CLIENT_ACCEPTED {
        set proxyheader "PROXY TCP[IP::version] [IP::remote_addr] [IP::local_addr] [TCP::remote_port] [TCP::local_port]\r\n"
    }
    when SERVER_CONNECTED {
        TCP::respond $proxyheader
    }

So, what I want to do now is this: the iRule should not trigger for a specific host or URL. The virtual server with this assigned iRule has an LTM policy, because it is one virtual server for different hosts, and the policy sends the traffic to the correct pool. What could I do to exclude a specific URL or host from this iRule? Maybe I could get an example iRule.
Kind regards
59 Views, 0 likes, 2 Comments

Very Dark Black Screen Issue After Logging into BIG-IP Web GUI
Hi everyone, a very dark black screen appears when I try to access the BIG-IP Web GUI. The login page loads fine, but after logging in, the screen stays blank, and no interface elements are displayed. I have tried using different browsers and cleared the cache, but the issue persists. Has anyone experienced this or knows how to resolve it? Any help would be greatly appreciated. Thank you!
22 Views, 0 likes, 1 Comment

iRules Editor
Hi guys. I read in an article that there is an iRules editor here in DevCentral, to check rule syntax before testing. I'm totally new, so this would be very useful, I think. Is that true? Where can I find it? Generally speaking, is it possible to upload iRules code and have some expert opinion? If yes, how? Thank you for your help.
Regards, Mario
Solved, 88 Views, 0 likes, 4 Comments

Creating Policy using Terraform
I have been trying to create a policy on my F5 device but keep getting conflicting errors. This is my condition block:

    condition {
      http_cookie    = true
      case_sensitive = true
      values         = ["cookie_value"]
    }

But I receive the error: operand 'http-cookie' selector 'all' is missing required parameter 'name'. When I add all and name, it gives me the error that name does not belong there. I have tried a bunch of different things but cannot figure it out. Can someone please help?
63 Views, 0 likes, 5 Comments

ASM don't block attack XSS
Hi all, I enabled all the XSS signatures and all signatures are in the no-staging state. Why doesn't the ASM block this: <script>alert("attack")</script>
It matches some Attack Signature IDs: 200101609, 200001088, 200000098, 200001475
Here is the state of signature ID 200001475
Thanks.
46 Views, 0 likes, 5 Comments

Big-IQ + LetsEncrypt wildcard
Hi, is anyone using the BigIQ -> LetsEncrypt integration and has configured wildcard certificates? We use SSL profiles, one for each wildcard domain, and wanted to automate the certificate process. I can only find release notes saying this is possible, but not much else online.
34 Views, 0 likes, 2 Comments