devops
21602 Topics

F5 iRule Reverse Proxy, rewrite, redirect
Hello everyone, We currently have a scenario where a URL is no longer available and needs to be (redirected). The starting point is when https://company.com/tool is accessed, it should (redirect) to https://x.x.x.x/tool. Unfortunately, the (redirected) website doesn't have an FQDN, so it needs to be (redirected) to the IP address. Of course, https://company.com/tool should remain in the browser. Is this possible? A reverse proxy approach? Could someone provide me an example iRule? THX
76 Views, 0 likes, 7 Comments

Is it possible to select ASM BoT profile from irule?
Hi.

Is it possible to select a BoT profile from an iRule?

The concept is that we have a different set of IPs which need to allow "some" BoT types. That's why we can't use whitelist IPs in the BoT profile, because it will allow all BoT types. So we want to use an iRule to check: if it is IP A > use the BoT profile which has some exceptions, but if it is any other IP > use the normal BoT profile.

    when HTTP_REQUEST {
        # Check IP and select BoT profile from that
        if { [IP::client_addr] eq "A" } {
            ASM::enable allow_some_bot_profile
        } else {
            ASM::enable normally_bot_profile
        }
    }

P.S. I didn't see any documentation about how to select a BoT profile, so I'm not sure if ASM::enable can do that.
54 Views, 0 likes, 3 Comments

Bypass certificate prompt if URI contains a specific word
The customer has requested that when traffic arrives with a specific word in the URI, the prompt for a certificate needs to be disabled.

https://www.example.com <-- Prompt for certificate
https://www.example.com/api <-- Do not prompt for a certificate.

I looked at comments about iRules, but I think APM will work better. I am not that well versed in APM, except for some basic configurations that I have found through F5/Dev Central. Any suggestions or pointers are appreciated.
76 Views, 0 likes, 4 Comments

SAML F5 SP - Microsoft Entra
Hi, I have an F5 APM currently authenticating users with their sAMAccountname. Most of them (more than 7000) don't know their UPN. We need to leverage Microsoft Entra with MFA using SAML, with F5 acting as SP and Microsoft as IDP. In APM I am able to extract the UPN, but I am unable to POST it to Microsoft Entra along with the SAML request.

Step 1: user connects to F5.
Step 2: user enters the username (SAMACCOUNTNAME).
Step 3: APM AD query extracts the UPN.
Step 4: APM triggers the SAML request.
Step 5: APM redirects the user to Microsoft Entra with the SAML request and the username (UPN).
Step 6: the user enters the password.
Step 7: the user is redirected to F5 with the SAML ticket response.
Step 8: APM checks the SAML ticket and connects the user to the service in the backend.

Did anyone successfully implement such a scenario? Thanks. om
Solved. 134 Views, 0 likes, 6 Comments

How to make a password-protected private key via REST
Hey everyone! Does anyone know how to use a REST command to create a password-protected key? I tried the following, but it gave me the error:

    {"code":400,"message":"\"passphrase\" may not be specified in the context of the \"create\" command. \"passphrase\" may be specified using the following commands: install","errorStack":[],"apiError":26214401}

    from datetime import datetime

    # fqdn, options, sans, password and ltm are defined elsewhere in the script (not shown)
    payload = {
        "name": f"{fqdn}-key-{datetime.utcnow().strftime('%Y%m%d%H%M%S')}.key",
        "commonName": options.common_name,
        "keySize": options.key_size,
        "keyType": "rsa-private",
        "options": [{"gen-csr": "www.testing.com"}],
        "organization": options.organization,
        "city": options.city,
        "state": options.state,
        "emailAddress": options.email,
        "subjectAlternativeName": sans,
        "passphrase": password,
        "securityType": "password",
    }
    r = await ltm.post("mgmt/tm/sys/crypto/key", json=payload, raise_err=False)

718 Views, 1 like, 4 Comments

connect to an icap server, but is it possible to route only specific services to the virtual server?
Since it's created as an internal virtual server, I don't know what traffic is going through that VS. Is it possible to configure it so that only certain services go through that VS?

Refer:
https://www.f5.com/pdf/integration-guide/f5-ssl-orchestrator-and-symantec-dlp-ssl-visibility-and-content-adaptation.pdf
https://www.f5.com/pdf/solution-center/f5-ssl-orchestrator-and-mcafee-dlp-recommended-practices-guide.pdf
65 Views, 1 like, 0 Comments