Errors with AS3 3.56.0 with F5 17.5.1.6
Hi Folks, I upgraded my Lab F5s to 17.5.1.6 and now my AS3 declarations are not working anymore. I get following error regardless of the declaration, even an empty declaration throws this error. "results": [ { "message": "failure querying config for tenant jwt-keys (POST http://admin:XXXXXX@localhost:8100/mgmt/tm/util/bash execute bash command response=403 body={\"code\":403,\"message\":\"Direct access to /mgmt/tm/util/ is not permitted.\",\"restOperationId\":18430866,\"kind\":\":resterrorresponse\"})", "host": "localhost", "tenant": "jwt-keys", "code": 400, "declarationId": "tenant_name" } ], Has anyone experienced the same error? The error does not change if I change the authentication method from basic to token. I will open a case with F5 and report the result back. I found following error in the restjavad.0.log [WARNING][787][04 May 2026 11:59:45 CEST][8100/mgmt ForwarderPassThroughWorker] Blocked direct localhost request to util endpoint: /mgmt/tm/util/bash
Changes to DO and AS3 GitHub - no longer monitored
I see Changes to DO and AS3 GitHub pages have been updated with these notices: " AS OF FEBRUARY 2026, THIS GITHUB REPOSITORY WILL NO LONGER BE MONITORED OR UPDATED. This repository will remain available, at least temporarily. You can find the latest RPMs and other files on MyF5 Downloads. Refer to 'Filing Issues and Getting Help' for additional details. " I'm also seeing [Deprecated] notices on some VS Code extensions, which may or may not be related. I haven't been able to find any larger announcements regarding these. I have not been able to find any additional detail. Does anyone know if we are about to see a a large shift (or loss) of tooling around BIG-IP?
F5 Config - API Access on servers
Hello,, Pl. be gentle as I am new to this and am asking this on behalf of someone as their networking resource is ooo on some emergency. There are two separate, identical server instances hosting identical API's e.g. here is a sample endpoint for one of those API's https://prod1.mydomain.com:8443/ne/curr/CheckInventory https://prod2.mydomain.com:8443/ne/curr/CheckInventory F5 has been configured Round-Robin mode Both Servers added to a new Pool VIP created with ssl enabled (default port 443) https://app.mydomain.com Questions: What additional config neeeds to happen so any request from an external client for CheckInventory endpoint is processed What will be the new endpoint for this API? https://app.mydomain.com/CheckInventory Can it be changed to something else Is there an API mapping that has to be created withing the F5 config that will translate the Request ( https://app.mydomain.com/CheckInventory) to what the server is expecting (https://prod1 (or prod2).mydomain.com:8443/ne/curr/CheckInventory) Thank you
F5 Visual Studio Code extension not listing Big IP device partitions for 17.5.1.5 QKViews
As a general practice, after I upload qkviews to iHealth I then copy them to my visual studio code workspace. In the past, pulling them up using the Big IP extension, it would show all the source conf files and partions. For all 17.5.1.5 qkviews I've generated this past weekend, none of them have the source/partition data. Is this a bug, did F5 change something in the way this new build processes qkviews? The extension is pretty much worthless without it. To be sure it's limited to 17.5, I pulled up several 17.1.3.1 QKViews and the partitions/sources loaded fine.
CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM
We are experiencing an issue where Prometheus is scraping metrics from F5 BIG-IP LTM, causing high CPU and memory utilization on the F5 device. Initial step, we have adjusted the scraping interval to 1 minute, but the issue still. Are there any recommended tuning options or best practices?
ASM/AWAF declarative policy
Hi there, I searching for options to automate ASM and rather want to avoid having AS3 in loop due to need to update it on F5 side. Luckily F5 introduced "declarative policy" But, I am not able to get it working properly. I am able to deploy WAF policy with example mentioned here. But it does not contain any of specified servier technologies. I do have the same issue with parameters or URLs when I tried other examples. They are simply got ignored. Is it buggy, or have anyone of you struggled with it? My last option is to have set of policies predefined in XML format and do some importing or playing with policy inheritance. Well declarative ASM looks exactly what I need, it just does not work or I am wrong :) Thanks for any help Zdenek
iRule Developer Tools
Hi All, I've made a set of developer tools for Tcl including iRules, https://github.com/bitwisecook/tcl-lsp This includes LSP server Editor integrations for VSCode, Sublime Text, Zed, Jetbrains, Helix, neovim, emacs and more (though I've only really hammered on vscode there) MCP server Claude skills cli tool Semantic token highlighting Hover docs Format string interpreters AI tools for creating, explaing, validating, documenting, diagramming iRules and Tcl full optimising compiler chain with 26 optimiser passes 27 iRule specific diagnostics and optimisations Security warnings through taint tracking (use of user input tracked through the code) Shimmer detection with inline type hints (know when a variable type is being reinterpreted) Code formatting Code minification Compiler explorer to look at how your code is interpreted A full iRule testing framework and more. This is only based on publicly available information and my memory, though I have deployed enough iRules. This is the tool I always wanted. I could do with help expanding and improving the profile -> event / command maps, and the iRule event graph, and with generally finding bugs, so please, open issues. I will be away on holiday for a couple of weeks so please bear in mind I may take a little time to get back to you. cheers, Jim 🇬🇧🇦🇺
