devops
21550 Topics

Issues with Kubernetes cluster server which is managed by Tanzu
Hello, dear F5 family. The Kubernetes clusters managed with Tanzu serve F5 as a backend server. However, sometimes I get authentication and 404 errors at different times in some services. I would like to get support from someone who has knowledge / advice / experience with this issue. Thanks all
6 Views, 0 likes, 0 Comments

Can SSM Agent run on EC2 with BEST license?
I am setting up F5 on AWS, using a BEST licensed AMI from the Marketplace. I wanted to be able to manage the instance via Systems Manager. In order for EC2 instances to communicate via SSM, I must install the ssm-agent, which is not installed on the marketplace AMI. However, I have discovered that the BEST AMI has FIPS protection, installing the ssm-agent triggers critical warnings, and my system becomes unavailable after a reboot. So far, the articles here have pointed to "downgrading" to a license that does not have FIPS as the only way to disable it entirely. However, WAF is a requirement for me, and only appears to be available in the BEST license. Is there a license that has Web Application Firewall but no (or a less restrictive) FIPS, or a way to allow SSM on a FIPS protected machine? It is the ssm commands that are installed in /usr/bin that trigger the alert.
13 Views, 0 likes, 0 Comments

View NAT / SNAT Sessions
Hi, I have recently enabled an SNAT in an iRule:

    switch -exact -- "1" [IP::addr [getfield [IP::client_addr] "%" "1"] equals 10.80.0.0/16] { snat automap }

and I am trying to work out how many sessions are being SNAT'd as a result of this change. Issuing the commands:

    sho ltm nat
    sho ltm snat
    sho sys connection cs-client-addr 10.80.0.202

etc. are not giving me any results. I am not so much interested in the details of the sessions, just totals so I can verify that I'm not exceeding the 64k limit but obviously doing something wrong.
Thanks
James
2.3K Views, 0 likes, 6 Comments

iRule: Failure to activate payload
Hi, folks, I'm getting a result I don't understand on a very simple iRule. It works in this version:

    when HTTP_REQUEST {
        if {some_stuff} {
            drop
            log local0.warn "Warning"
        }

But this does not display the HTML:

    when HTTP_REQUEST {
        if {some_stuff} {
            HTTP::respond 200 content { <html>Some HTML</html> }
            log local0.warn "Warning"
        }

And neither does this:

    when HTTP_REQUEST {
        if {some_stuff} {
            HTTP::respond 200 content { [ifile get _our_ifile] "Content-Type" "text/html;charset=utf-8" }
            log local0.warn "Warning"
        }

I've verified that the HTML is valid. What am I missing?
Thanks,
John A
71 Views, 0 likes, 5 Comments

Irule using a data group to bypass header injection
Trying to do a basic irule that looks at a data group and bypasses the header injection based on the data group URIs. Been messing with the below but getting multiple errors when adding the top lines to bypass the existing irule posted below. Datagroup would be the uribypass

    when HTTP_REQUEST {
        if { ([class match [HTTP::path] starts_with "uribypass"]) } {
            exit
            else {
                if { !([HTTP::header exists "test-Proxied" ]) } {
                    HTTP::uri /test[HTTP::uri]
                    # Inject custom header
                    HTTP::header insert test-Proxied 1
                }
            }
        }
    }

29 Views, 0 likes, 1 Comment

F5 loses the token for the first call
Do you have any similar issue? or any idea : with the token that it has retrieved from the AD Entra ID endpoint. The first call to the backend always loses the token on the way via F5, so it does not reach the backend at all. The frontend then goes to an error page (no authorisation). If you then start the same call again, i.e. reload the frontend, everything works as expected.
71 Views, 0 likes, 3 Comments

iRule - Url rewrite and header replace and pool selection not working
I have a scenario where I need to perform a header replace and URL rewrite and select a pool. I have several sites that I need to select a specific pool and they all have to come through the same virtual server. When I select a pool the content returned is not complete. The web page is missing formatting and content. If I define a default pool that would be used for the specific site the content returned is complete for that site but still missing content for the other sites not using a default pool. I have tried a /32 OneConnect profile and that made no difference. Below is my irule

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::host]] {
            "mywebsite.test.edu" {
                switch -glob [string tolower [HTTP::uri]] {
                    "/mytestsite1" {
                        HTTP::redirect "https://mywebsite.test.edu/mytestsite1/Authentication/Login?"
                    }
                    "/mytestsite1/*" {
                        if {[HTTP::host] ne ""} {
                            HTTP::header replace Host "differentname.test.edu"
                            HTTP::uri [string map -nocase {"/mytestsite1/" "/differentname1/"} [HTTP::uri]]
                        }
                        pool mypool1
                        return
                    }
                    "/mytestsite2" {
                        HTTP::redirect "https://mywebsite.test.edu/mytestsite2/Authentication/Login?"
                    }
                    "/mytestsite2/*" {
                        if {[HTTP::host] ne ""} {
                            HTTP::header replace Host "differentname.test.edu"
                            HTTP::uri [string map -nocase {"/mytestsite2/" "/differentname2/"} [HTTP::uri]]
                        }
                        pool mypool2
                        return
                    }
                    "/mytestsite3" {
                        HTTP::redirect "https://mywebsite.test.edu/mytestsite3/Authentication/Login?"
                    }
                    "/mytestsite3/*" {
                        if {[HTTP::host] ne ""} {
                            HTTP::header replace Host "differentname.test.edu"
                            HTTP::uri [string map -nocase {"/mytestsite3/" "/differentname3/"} [HTTP::uri]]
                        }
                        pool mypool3
                        return
                    }
                }
            }
        }
    }

73 Views, 0 likes, 5 Comments

Guide for exam 402 F5 Certified Solution Expert
I passed exam 402 F5 Certified Solution Expert. I would like to share a guide for preparing for this certification exam. First you have to review the blueprint of the exam topics from F5: https://techdocs.f5.com/dam/f5/kb/global/solutions/k29900360/402_-_Cloud_Solutions.pdf

1. Information about licenses
   https://my.f5.com/manage/s/article/K14810
   https://clouddocs.f5.com/cloud/public/v1/matrix.html
   https://clouddocs.f5.com/cloud/public/v1/licensing/licensing.html
   https://wtit.com/f5-good-better-best-licenses/
2. F5 instance types on Microsoft Azure and AWS
3. Strategies for migrating applications to the cloud
   https://aws.amazon.com/blogs/enterprise-strategy/6-strategies-for-migrating-applications-to-the-cloud/
4. Learning about HTTP methods for APIs and API concepts
   https://community.f5.com/kb/technicalarticles/wils-the-data-center-api-compass-rose/283999
5. About cloud provider objects
   https://clouddocs.f5.com/cloud/public/v1/aws_index.html
   https://clouddocs.f5.com/cloud/public/v1/azure_index.html
6. Cloud concepts and automation

47 Views, 1 like, 0 Comments

iRule for public IP access to specific section of my URL
I will need someone to validate this iRule for me, pls.
Request: allow only a public IP or Subnet access to a section of my URL: https://xxx.xxx.com/xxx/*
Many recommendations welcome.
After adding the ALLOW_x.x.x.x on Data Group List:

    when HTTP_REQUEST {
        if {[HTTP::uri] eq "https://xxx.xxx.com/xxx/*"} {
            if {![class match [IP::client_addr] equals ALLOW_x.x.x.x]} {
                HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close
                TCP::close
            }
        }
    }

76 Views, 0 likes, 4 Comments

Steps to create custom curl monitor
Hi Everyone, I tried to make a health monitor check proxy by following this KB https://my.f5.com/manage/s/article/K31435017, but the results still failed when I curled towards the destination. Has anyone ever been able to? Please advise & suggest.
29 Views, 0 likes, 1 Comment