event
373 Topics

Switch ssl profile based on weak cipher detection via IRULE
Hi Team, I am looking to create an IRULE to switch ssl profile if a weak cipher is detected on a tls1.2 connection. I have created the script below, but it is not accepted on the F5 and gives an error. Please help me correct the IRULE below.

IRULE:-

    when CLIENTSSL_HANDSHAKE {
        set hsl [HSL::open -proto UDP -pool POOL-SPLUNK-SYSLOG]
        # List of ciphers to log
        set log_ciphers {
            "AES256-GCM-SHA384"
            "AES128-GCM-SHA256"
            "ECDHE-RSA-AES256-CBC-SHA"
            "ECDHE-RSA-AES128-SHA256"
            "AES256-SHA"
            "AES128-SHA"
            "AES128-SHA256"
            "ECDHE-RSA-AES256-SHA384"
        }
        # Get the negotiated cipher
        set negotiated_cipher [SSL::cipher name]
        # Apply profile based on TLSv2
        if { [string match "*TLS1.2*" $negotiated_cipher] } {
            SSL::profile weak_cipher_profile
        } else {
            SSL::profile strong_cipher_profile
        }
        # Log details for specific ciphers
        if { [lsearch -exact $log_ciphers $negotiated_cipher] != -1 } {
            HSL::send $hsl "<190>, Cipher Matched: $negotiated_cipher, ClientIP:[IP::client_addr], F5 Vip:[IP::local_addr], Destination Port:[TCP::local_port]"
        }
    }

10 Views, 0 likes, 0 Comments

Special Global Live Webinar (01/16): AI Under Attack: F5 AI Gateway Solves Security Challenges
AI Under Attack: F5 AI Gateway Solves Unique Security Challenges

This webinar event is open to all regardless of geographic location.

Date: Thursday, January 16, 2025
Time: 10:00am PT | 1:00pm ET
Speakers: Lori MacVittie, F5 Distinguished Engineer & Chief Evangelist, F5 | Aubrey King, Community Evangelist, F5

What's the webinar about?

Elevate your AI game! Join our upcoming webinar to dive deep into AI security challenges and discover how the F5 AI Gateway offers unmatched protection, acceleration, and observation for your AI applications. Learn about innovative security measures, best deployment practices, and the importance of monitoring AI traffic. Don't miss out on equipping yourself with the essential tools to secure and optimize your AI models.

Key Takeaways:

AI Security Challenges: Understand why traditional API security won't cut it for AI.
Comprehensive Solutions: Protect your AI models from prompt injection, model manipulation, and more.
Performance Acceleration: Optimize AI application performance while ensuring compliance.
Seamless Integration: Discover how F5 AI Gateway supports hybrid and multicloud environments.

Register Today

Note: If you can't make the live webinar on 01.16.25, still register and we will send you the link to the on-demand recording.

22 Views, 0 likes, 0 Comments

Steps to create custom curl monitor
Hi Everyone, I tried to make a health monitor check proxy by following this KB https://my.f5.com/manage/s/article/K31435017, but the results still failed when I curled towards the destination. Has anyone ever been able to? Please advise & suggest.

25 Views, 0 likes, 1 Comment

BIG IP Link failover happen but i try to link fallback
I have used LTM-DNS with AFM on BIG IP. For Internet outgoing I used a wildcard VS. Link failover happens: when WAN1 is down it goes to WAN2, but I want the link to fall back when WAN1 comes up again. We noticed that when one link (WAN1) goes down, traffic shifts to the other link (WAN2) as expected. However, when the WAN1 link comes back up, traffic does not automatically route back to it. To move traffic back to WAN1, we need to disable the WAN2 link manually or physically remove it.

Thanks
Prasad

52 Views, 0 likes, 6 Comments

VPN issues
Hi, I have Verizon 5G home internet with upload speeds of 200+ Mbps but that drops to 3.2-3.6 Mbps once I log into the Big-IP VPN that is required for work. I did not have this issue historically. My employer updated the VPN a few weeks ago, and the issue arose then but work IT is unable to assist thus far. Any help is appreciated.

51 Views, 0 likes, 1 Comment

Advent of Code - 2024
Who's in? I got day 1 in python knocked out (yesterday now, 12:35am local as I write this) earlier today. Going to see if I can mock up part 1 of day 1 in an iRule for tomorrow morning's brain exercise...will share my results! I created a leaderboard if we want to get competitive in all this. Code is 4383550-0e9fdf83 if you want to join in.

292 Views, 1 like, 16 Comments

APM parse HTTP Connector json to message box, iRule etc.
Hello all, I have configured per-session and per-request policies on my APM (APM+LTM mode) and in the process of authentication I want to get some data from an external web server. The data is in JSON format. To do that I have created an HTTP Connector, assigned it to my per-request policy via a subroutine, and I can see that the subsession variables are being populated correctly via the HTTP Connector (with the option to save data, I can parse it but the result is the same, just more variables - one per JSON field). In Overview: Active Session I can see the subsession with the following variable with my data:

879cb369./Common/HTTPConnector/XXXXXXXXXXX==.nvp_block.subsession.http_connector.body

Now I wanted to get this data and use it in my authentication flow and iRule, but it doesn't work. First I wanted to test it by assigning a variable and showing a simple message box in the PerReq-policy: And after that the message box with: %{perflow.custom} - it doesn't work. I also tried to just show it in the logs with an iRule like in the documentation: ltm rule command ACCESS perflow (f5.com). So I created an iRule agent in the per-request policy pointing to the iRule below and attached the iRule to my VS:

    when ACCESS_PER_REQUEST_AGENT_EVENT {
        set $body [ACCESS::perflow get subsession.http_connector.body]
        log local0. $body
    }

But it doesn't show anything. I have a few questions:

1. Is it even possible to access variables in a subsession that got retrieved via the HTTP Connector and use them further? For example, to build a JWT for auth?
2. Can I assign more than two custom variables from the subsession? According to this guide I can only use perflow.custom and perflow.scratchpad?: Using Variable Assign to populate gating criteria (f5.com)
   "Using Variable Assign to populate a perflow variable other than perflow.custom and perflow.scratchpad causes subroutine results to become unreliable."
3. Maybe there is another option to achieve my goal?

123 Views, 0 likes, 5 Comments

Very Dark Black Screen Issue After Logging into BIG-IP Web GUI
Hi everyone, a very dark black screen appears when I try to access the BIG-IP Web GUI. The login page loads fine, but after logging in, the screen stays blank, and no interface elements are displayed. I have tried using different browsers and cleared the cache, but the issue persists. Has anyone experienced this or knows how to resolve it? Any help would be greatly appreciated. Thank you!

27 Views, 0 likes, 1 Comment

how to enable or disable DOS dashboard on big-ip?
We have enabled ddos under security, but suddenly nothing is displayed under the DOS dashboard under "Statistics" disappeared, it seems someone changed the setting. Can anyone please advise how he/she change the setting to disable the system to show the statistics about DOS? Thanks in advance!

33 Views, 0 likes, 2 Comments