iControlREST and Curl to save and download ASM policies
Hi, I want to be able to save/export asm policies on the F5 and then download. I want to do this using iControlREST and curl. I am able to save UCS files with the post shown below: curl -v -sk -u admin:admin https://myF5/mgmt/tm/sys/ucs -H 'Content-Type: application/json' -X POST -d '{"command":"save","name":"blah.ucs"}' | jq However if I try to do something similar for asm I get errors. Below is what I was trying with asm. curl -v -sk -u admin:admin https://myF5/mgmt/tm/asm/policies/fn9GoMrandomGvoN2dD -H 'Content-Type: application/json' -X POST -d '{"command":"save","name":"as_test.xml"}' | jq The error I get is: { "code": 400, "message": "Could not parse/validate the Policy 'Security Policy /Common/as_test'. Unknown field 'command'", "originalRequestBody": "{\"command\":\"save\",\"name\":\"as_test.xml\"", "referer": "x.x.x.x", "restOperationId": 59083, "kind": ":resterrorresponse" } Thank you
Download a BIG-IP UCS archive with "curl".
Problem this snippet solves: Download a BIG-IP UCS archive using the program "curl" and verifies the output file's signature. Tested on 13.1.1. How to use this snippet: Edit the code to input the hostname of your F5 UI, admin credentials, source UCS file name (defaults to config.ucs), and the output file name. Code : #!/bin/bash # # Download a UCS archive (across a stable network) with curl. # #------------------------------------------------------------------------- F5_HOST='myhost.example.com' CREDENTIALS='admin:admin' FINAL_FILE='/tmp/config.ucs' ARCHIVE_NAME_ON_SERVER='config.ucs' DEBUG='' #------------------------------------------------------------------------- # # Get the md5 checksum for the archive. # #------------------------------------------------------------------------- ARCHIVE_CHECKSUM=$(curl -sku $CREDENTIALS -X POST -H "Content-type: application/json" \ -d "{\"command\":\"run\", \"utilCmdArgs\": \"-c '/usr/bin/md5sum /var/local/ucs/$ARCHIVE_NAME_ON_SERVER'\"}" \ https://$F5_HOST/mgmt/tm/util/bash | awk -F':' '{print $NF}' | awk -F'"' '{ print $2 }' | awk '{print $1}') [ -z "$ARCHIVE_CHECKSUM" ] && echo "Failed to get archive signature. Aborting." && exit 1 [ ! -z "$DEBUG" ] && echo "Archive checksum: $ARCHIVE_CHECKSUM" #------------------------------------------------------------------------- # # Find out the size of the archive and the size of the data packet. # #------------------------------------------------------------------------- Content_Range=$(curl -I -kv -u $CREDENTIALS -H 'Content-Type: application/json' -X GET "https://$F5_HOST/mgmt/shared/file-transfer/ucs-downloads/$ARCHIVE_NAME_ON_SERVER" 2>/dev/null | grep "Content-Range: " | cut -d ' ' -f 2) FIRST_CONTENT_RANGE=$(echo -n $Content_Range | cut -d '/' -f 1 | tr -d '\r') [ ! -z "$DEBUG" ] && echo -n "FIRST_CONTENT_RANGE: " [ ! -z "$DEBUG" ] && echo $FIRST_CONTENT_RANGE NUMBER_OF_LAST_BYTE=$(echo -n $FIRST_CONTENT_RANGE | cut -d '-' -f 2) [ ! -z "$DEBUG" ] && echo -n "NUMBER_OF_LAST_BYTE: " [ ! -z "$DEBUG" ] && echo $NUMBER_OF_LAST_BYTE INITIAL_CONTENT_LENGTH=$NUMBER_OF_LAST_BYTE CONTENT_LENGTH=$(($NUMBER_OF_LAST_BYTE+1)) [ ! -z "$DEBUG" ] && echo -n "CONTENT_LENGTH: " [ ! -z "$DEBUG" ] && echo $CONTENT_LENGTH DFILE_SIZE=$(echo -n $Content_Range | cut -d '/' -f 2 | tr -d '\r' ) [ ! -z "$DEBUG" ] && echo -n "DFILE_SIZE: " [ ! -z "$DEBUG" ] && echo $DFILE_SIZE LAST_END_BYTE=$((DFILE_SIZE-1)) CUMULATIVE_NO=0 [ ! -z "$DEBUG" ] && echo "CUMULATIVE_NO: $CUMULATIVE_NO" SEQ=0 LAST=0 #------------------------------------------------------------------------- # # Clean up: Remove the previous output file. # #------------------------------------------------------------------------- /bin/rm $FINAL_FILE 2>/dev/null #------------------------------------------------------------------------- # # Get the archive file. # #------------------------------------------------------------------------- while true do if [ $LAST -gt 0 ]; then [ ! -z "$DEBUG" ] && echo 'End of run reached.' break fi if [ $SEQ -eq 0 ]; then NEXT_RANGE=$FIRST_CONTENT_RANGE CUMULATIVE_NO=$NUMBER_OF_LAST_BYTE CONTENT_LENGTH=$INITIAL_CONTENT_LENGTH else START_BYTE=$(($CUMULATIVE_NO+1)) END_BYTE=$(($START_BYTE + $CONTENT_LENGTH)) if [ $END_BYTE -gt $LAST_END_BYTE ]; then [ ! -z "$DEBUG" ] && echo "END_BYTE greater than LAST_END_BYTE: $END_BYTE:$LAST_END_BYTE" LAST=1 let END_BYTE=$LAST_END_BYTE [ ! -z "$DEBUG" ] && echo "Getting the last data packet." fi NEXT_RANGE="${START_BYTE}-${END_BYTE}" CUMULATIVE_NO=$END_BYTE fi [ ! -z "$DEBUG" ] && echo "NEXT_RANGE: $NEXT_RANGE" let SEQ+=1 [ ! -z "$DEBUG" ] && echo "SEQ: $SEQ" OUTPUT_FILE_NAME="/tmp/$$_downloaded_ucs_archive_file_part_$SEQ"; curl -H "Content-Range: ${NEXT_RANGE}/${DFILE_SIZE}" -s -k -u $CREDENTIALS -H 'Content-Type: application/json' -X GET "https://$F5_HOST/mgmt/shared/file-transfer/ucs-downloads/$ARCHIVE_NAME_ON_SERVER" -o $OUTPUT_FILE_NAME cat $OUTPUT_FILE_NAME >> $FINAL_FILE /bin/rm $OUTPUT_FILE_NAME [ ! -z "$DEBUG" ] && echo "End of loop $SEQ" done #------------------------------------------------------------------------- # # Verify downloaded file. # #------------------------------------------------------------------------- FINAL_FILE_CHECKSUM=$(/usr/bin/md5sum $FINAL_FILE | awk '{print $1}') if [ "$FINAL_FILE_CHECKSUM" == "$ARCHIVE_CHECKSUM" ]; then echo "Download completed and verified." else echo "Downloaded file has incorrect checksum." exit 1 fi # END -------------------------------------------------------------------- Tested this on version: 13.0
http_process_state_prepend - Invalid Action:0x109010
We're trying to implement OwnCloud in our environment, and I've developed a few iRules to handle some of the work , but we've run into an issue when trying to download files. The connection keeps getting reset and the file doesn't come down. I think it gets part of the file (a little bit more each time you try), but continuously fails with the message http_process_state_prepend - Invalid action:0x109010. my iRule disables the ACCESS profile (ACCESS::disable) when there is no currently valid session for certain url's that don't need authentication, and uses a Client Initiated forms SSO setup on the root path for the login page. I know it's not a lot of information, but I would appreciate any light that could be shined on this issue 🙂
APM - Provide file at access policy logon page stored on the APM
Hello community, I have to add a download link (help file; .pdf format) to a custom logon page. I could of course place this file on a web server but I'd like to store the file directly on the APM. I've found something about "Hosted content" (http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-hosted-content-implementations-11-4-0/1.html) but I really don't know if this is what fits my need and second...we run 11.3 at the moment. Any idea would be appreciated. Best regards, h0nkyF5 LTM - Unable to download 5MB file
We are having an issue while trying to download a CSV file (size 5MB) via F5 LTM (version: 11.3.0). The file gets downloaded successfully when tried from backend application server. The Application server takes around 8mins to retrieve the data and downloading the file. While trying with BIG-IP LTM tries for quite some time and eventually throws "page cannot be displayed error". I guess LTM session gets timed out. Interestingly this works for smaller CSV files which are in few KBs. Following are the settings related to LB: Standard virtual server with LB virtual IP listening on port 443 (HTTPS) tcp-wan-optimzed & tcp-lan-optimized applied for client & server profiles No persistence profiles used Automap used for Source Address Translation Backend servers runs in port: 443 with "https" health monitor Can someone throw some light on which TCP parameter needs to be fine-tuned for resolving this issues? Any help on this will be highly appreciated.Slow Download Speed through F5
Hi, we are facing an issue regarding download speed. A virtual F5, licensed for 200M has a VS configured. Behind the VS, there's a server (10G-NIC) with a 1GB test file. If the client is downloading the file directly (100Mbit NIC), its speed is constantly around 100M. If the client tries the download through the F5, the speed varies and ends up around 76M with the default tcp-profile, and around 84 with tcp-lan-optimized. Here you can see a chart of the NIC - the first and third attempt are directly, second and fourth via F5: On F5, it looks like this: I assume now - given that the server can handle 10G, but the F5 TMM instance is only capable of 100M - the server tries to increase the speed over these 100M - which you can see in the light blue peaks. The TMM instance can't handle the packets, drops them, and the server needs to retransmit. This seems to happen more often and I think that this could be the reason for this low output rate. Does this sound plausible? Is there any way to tweak this? E.g. with TCP window-size or similar towards the server? Or do you think the problem is somewhere else? (Pagle is off, working only with these both default profiles). There are no irules / ASM / APM bound to this VS. Does only SSL-Offloading, nothing else. Thanks in advance!
iControl 10.4.2 jar file
Hi Guys, I'm new here and I will be doing some system integration between F5. Would you know where I can get a copy of the assembly/jar file for an older version of the iControl? 10.4.0 or 10.4.2 will do. I searched the net but I can only see the latest version 11. Thanks in Advance! Aldrich
