Sending HTML Emails via APM Email Action
Hi All, Is it possible at all to send HTML emails (so to include an image in the email body) via the APM policy by default. I see a few threads from years gone by where people were asking for this, but no solid answers. Alternatively, without having the write out the entire SMTP conversation and instead leveraging the email options on F5, is it possible to iRule this in it's simplest form? Many thanks, JDSolved1.5KViews0likes3CommentsSharepoint health monitors
Hey Everyone, I am currently load balancing two servers in my SharePoint setup. I am currently using the default "http" health monitor. Sometimes in the morning, one of the servers goes into an error and responds back with a 503 error. The F5 still sees the server as up and 50% of the people get the error page. I am looking for a health monitor that checks the ICMP of the server and also checks to see is the server responds back with a 503 error. If the server responds back with a 503 error I need the F5 not to send traffic to the server. In a perfect world I would also love to receive an email when this server shows a 503 response. I don't play with health monitors too often and was wondering if anyone out there could help me out. Cheers!1.3KViews0likes10Commentsemail alert notification not working when member came up again
Hello guys i've configured this: https://support.f5.com/csp/article/K3667 https://support.f5.com/csp/article/K59616664 I receive alerts when node goes down, but not when going up again What could be the problem? Oct 3 23:02:57 my.website.com notice mcpd[8459]: 01070640:5: Node /Common/172.17.70.18 address 172.17.70.18 monitor status down. [ /Common/icmp: down ] [ was up for 24hrs:2mins:5sec ] Oct 3 23:02:57 my.website.com notice mcpd[8459]: 01070640:5: Node /Common/172.17.70.19 address 172.17.70.19 monitor status down. [ /Common/icmp: down ] [ was up for 24hrs:2mins:6sec ] Oct 3 23:02:57 my.website.com notice mcpd[8459]: 01071682:5: SNMP_TRAP: Virtual /Common/dev-myweb has become unavailable Oct 3 23:02:59 my.website.com notice mcpd[8459]: 01070728:5: Node /Common/172.17.70.18 address 172.17.70.18 monitor status up. [ /Common/icmp: up ] [ was down for 0hr:0min:2sec ] Oct 3 23:03:02 my.website.com notice mcpd[8459]: 01070728:5: Node /Common/172.17.70.19 address 172.17.70.19 monitor status up. [ /Common/icmp: up ] [ was down for 0hr:0min:5sec ]678Views0likes9CommentsSend email on reaching bandwidth threshold
Hello Devcentral! I've been looking for a way to send out an email from a F5 BIG-IP (12.1.2) but I cannot find anything that tells me if a) this can be done and b) how to do that. I do have ASM's running around that I send emails from using the alert.conf on the CLI but that /var/log/ltm message of "Bandwidth exceeded by 75% ... " etc. etc, I want that to be send out as well. Any tips are greatlly appreciated. Witih kind regards, DLP P.s.: We do not log from these specific F5's to a SIEM of any kind otherwise I could have gotten my information that way :)644Views0likes3CommentsF5 ltm email alert customizing.
Hello, I have a questions some F5 ltm email alert. Using the /config/user_alert.conf, and F5 sent email alert to customizing. So I received the email, but email subject was so long long... Examples, "01070638:5: Pool xxxxxx member xxxx:80 monitor status down. [ /Common/xxxxx: down; last error: /Common/xxxxxx: Response Code: 200 (OK); Downed instance came up.; Unable to connec..." I want to email subject customizing that "01070638:5: Pool xxxxxx member xxxx:80 monitor status down." and email body fill the detail syslog include. I read other question that add the text. It's not working that user_alert.conf. alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_STATUS "Pool xxx member xxxxx:80 monitor status down." { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.10"; email toaddress="gds@wemakeprice.com" body="Subject: Pool xxx member xxxxx:80 monitor status down." } Would please ASAP please give me the solution. waiting for your reply...568Views1like2CommentsF5 ASM Custom Block Response - mailto link insert support-id into subject
Hello! How can I create a block response that would copy the <%TS.request.ID()%> into the subject of the e-mail when clicking the mailto-link. HTML-encode doesn't work cause user would get a value <%TS.request.ID()%> instead of the actual number. When I put the stuff in the mailto link in "" then it doesn't work at all. Is there any Javascript or other means of sorcery that could accomplish this? Kind regards, Erkki Request Rejected The requested operation was rejected by Web Application Firewall. If this is a mistake then please kindly inform the WAF team. Contact by phone: +372-blah and tell them the support ID: <%TS.request.ID()%> You can also reach us by e-mail:488Views0likes3CommentsBit Bucket for SMTP Traffic
I'm looking for a solution that basically accepts SMTP connections, but sends all mail to a bit bucket -- almost like a /dev/null. The problem im running into, is I cant just use a simple irule that "drops" or "rejects" the traffic. I would need to accept the connection and somehow find a way to spoof the initial EHLO response from the f5. Any suggestions would be greatly appreciated.486Views0likes0CommentsF5 APM EMAIL Alert : failed VPN connection
Hello All, I need a solution for APM VPE editor Macros for the below. any help on this would be much helpful Actually, when the user fails to log in to the VPN they should receive an email with due to what reason they failed to log in. reasons might be like this. 1 pass 0 fail ===================================================================================== Subject: F5 VPN session failed: session ID Message: Hello User: username, Your VPN session failed. 1. Certificate check: 1 2. MFA : 0 or 1 3. AV check: 1 or 0 4. Firewall check: 1:0 5. AD Auth: 1 or 0 Your session has failed due to the above reason where it's mentioned as 0. Kindly get in touch Network administrator to get the issue fixed. To self troubleshoot click on the link: SNOW KB link. =============================================================================================== TIA436Views0likes1CommentLTM :: SMTPS Command Injection
It seems the SMTPS profile on the LTM allows command injection. It is detected as: SMTP Service STARTTLS Plaintext Command Injection (52611) :: The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to steal a victim's email or associated SASL (Simple Authentication and Security Layer) credentials. To test, we modified the standard python smtplib library to send a malicious version of the command by appending the HELP command after STARTTLS. Packet capture shows execution of the command: What have folks done to get around this outside of writing an iRule? This is what I came up with... which SEEMS to work... but I'm by no means an expert. when CLIENT_DATA { if { [string tolower [TCP::payload 10]] starts_with "starttls" } { TCP::payload replace 0 [TCP::payload length] "STARTTLS\r\n" } TCP::release TCP::collect } when SERVER_CONNECTED { TCP::collect } when SERVER_DATA { TCP::release clientside { TCP::collect } }415Views0likes0Comments