C3D, Client Certificate passing issue
For application new requirement, we need to pass the client certificate to backend server. We enabled the C3D option on the client and server SSL profile. I created the CA certificate and key (https://support.f5.com/csp/article/K14499) and attached to Server SSL profile. The below be the client and Server SSL profile (https://support.f5.com/csp/article/K14065425) . Refer the below settings. Prerequisites: • You must have a CA-Bundle used to validate incoming client certificates. --> Used Company's Certificate Bundle • You must have a Certificate and Key for Reverse Proxy -->Current application certificate • You must have a CA Certificate and Key that has the ability to create new certificates --> Created CA certificate and key from F5 (https://support.f5.com/csp/article/K14499) But when the client try to access application, we are getting SSL handshake error. Any configuration need to correct on F5 or ? Appreciate your help on this. 021-07-12 01:34:31,510 +0000#INFO#com.sap.scc.rt#com.sap.scc.servlets.AccessControlServlet$3# #SccEndpointValidator has thrown exception for HTTPS://141.122.200.74:64801: Received fatal alert: handshake_failure javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 2021-07-12 01:34:31,510 +0000#INFO#com.sap.scc.ui#com.sap.scc.servlets.AccessControlServlet$3##Error when checking local connectivity to gatewaypp:64801 --> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
APM :: Async Error :: Session deleted due to user inactivity
Anybody run into this error before? Been chasing "Session deleted due to user inactivity" when the user swears that it disconnects in the middle of their session while they are actively working. Saw this in the informational logs and wondered if it was related... 2018-03-29 01:29:19 /Common/main:Common:xxxxxxxx: {61b5.C} An exception is thrown: AsyncError:1: SuppliedUnexpectedAnyBig-IP Edge Client HELP!!!! SEH_Filter, UNHANDLED EXCEPTION!!! Code: 0xc000001d - Illegal instruction- ON windows 11 VM
Hello Folks, i am running the new MacBook with m1 chip and it requires that i can only run ARM based vm on it. I did find a windows 11 insider edition on ARM architecture. I got the windows 11 VM up and running and then installed the client downloaded from my company available publicly here. https://vpnconnect.bell.ca/vpn/public/share/BIGIPEdgeClient.exe The client starts up but then immediately closes after about 5s and in the logs the last error thrown is - Error 2021-11-24 3:34:46:061 Standalone SEH_Filter, UNHANDLED EXCEPTION!!! Look for F5CORE*.dmp files. Address: 0x71a0db00. Code: 0xc000001d - Illegal instruction earlier on a older laptop - i used to run a windows 7 vm on mac os and used the same client and same steps and it worked without any issues, but now with the new ARM architecture i can ONLY install windows 11 vm . so not sure if the issue is the architecture or windows 11 or something else? Please help suggest how I can proceed ? This is really critical I get the edge client working and connected on the windows 11 VM as i have apps that require the use of windows. Thanks in advance!!!
Catch an error in iRule execution
I would like some help in handling errors in an iRule. Below is the code snippet upto which I have been able to achieve, but haven't been able to get the desired results. when HTTP_REQUEST { #If XFF exists then change Source IP to the first IP that you find in XFF which is the origin. Check this at the very start. if { [HTTP::header values "X-Forwarded-For"] ne "" } { set remoteip [getfield [HTTP::header X-Forwarded-For] "," 1] } if { [catch { if { [class match $remoteip equals MY_BLACKLIST_IPS] && not [class match $remoteip equals MY_PROXY_IPS] } { # reject the request here. log local0. "Request is rejected here." reject return } } err] } { log local0. "Error found in the iRule process ${err}" } return } I want to log the error as well due to which the iRule encountered. The error currently is being logged as empty.
Virtual server details get a 404 with CURL
Hi, I am trying to get the virtual server details from a CURL call: curl -svku "admin:admin" https://0.0.0.0/mgmt/tm/ltm/virtual/virtualtest And I keep getting the following error: {"code":404,"message":"01020036:3: The requested Virtual Server (/Common/virtualtest) was not found.","errorStack":[],"apiError":3} What am I missing? The virtual server does exist. I am using F5 version 12.1.2 Thank you.
Per-Request policy Proxy Select and HTTPS
Hi, I can't see any info about limitation for Proxy Select object in Per-Request Policy (PRP) to only http traffic. It's working without issue for http request and pass them to upstream proxy. For https requests (with SSL Bypass Set before Proxy Select) Connection is never reaching upstream proxy. Instead in PRP log I have entry: Common/explicit_proxy_policy:Common:642030b8: Executed agent (/Common/explicit_complete_bypass_act_proxy_select_ag) failed with reason (UNKNOWN) Any idea why? PiotrHSTS for Custom Response page
Hi, I have HSTS enabled on a number of sites via an iRule(I have also tried on the http profile) however I have noticed that when the custom response page is tried in ASM the page does not have the HSTS header in the response. I understand that the F5 inserts the hsts information on the response from the server as it passes through the F5 back to the client but in this case the request never makes it to the server, but it does make it to the F5. The F5 blocks the requests for any number of reasons defined in the policy and responds with the custom response page. While I do see the HSTS header when browsing the site, I do not see the HSTS header when the custom response page is served. Is it possible to enable HSTS for the custom response page? One of our apps requires a number of parameters to be passed to it in order to load. If a user browses directly to the domain the custom response is served. As a result ssllabs scans do not detect HSTS.
