event
195 TopicsHigh CPU utilization (100%).
I observed high CPU utilization (100%) on F5 device, resource provision ASM nominal. I checked the client-side throughput and server-side throughput both are normal but found management interface throughput is very high and what i noticed this is happening in same time period for last 30 days. What could be the reason for this spike. Many thanks in advanced for your time and consideration.129Views0likes14CommentsASM don't block attack XSS
hi all, I enabled all the XSS signatures and all signatures are state no staging. why the asm don't block this : <script>alert("attack")</script> It match to some Attack Signature ID : 200101609 , 200001088, 200000098, 200001475 Here is state of signature ID 200001475 Thanks.44Views0likes5CommentsWhat is the best log Log Analysis Tool for F5 AFM/APM?
At the moment we use Graylog as a Log Analysis Tool. But we are not happy with it. Very difficult to install and to maintain when you are not a linux freak. After updating our Linux System Graylog isn't working anymore. Best solution would be an appliance. any advice?Solved1.6KViews0likes3CommentsF5 ASM Response logging show different timezone from Request logging
Dear All Respected Members, I have a question on f5 AWAF response logging. I am setting up a WAF policy to block attacks and monitor all traffic to and from the real servers. I can see the logs generated for both request & response, but it shown incorrect log timezone for responses. BIG-IP, real server and client are set local time zone GMT+7, but the repone logs are GMT. I have double checked timezone on all devices are configure correctly. Could you advise me what is the root cause and how to fix it? Thanks.147Views0likes2CommentsSingle node serving more traffic than other nodes in the pool.
Hi Team - I have a question on the below setup, i am a starter in F5 and recently came across in F5 that one node in the pool is serving more traffic than others. - load balancing method is - Round robin no Persistance configured. I am not sure what is making one node to send and receive more traffic than other nodes. Can someone let me know the reason for this behavior.. Thanks in advance.75Views0likes5CommentsK000136009 mount: /usr is busy
Hello Community, I've tried to follow the instructions on K000136009. It works except for point 4. Remount command shows "mount: /usr is busy" Is there any way to resolve the issue without a device reboot? After a reboot the /user partition is operating in read only again. Many thanks rschwarzSolved33Views0likes2CommentsLogging Server-IP with OneConnect
Due to the usage of SNAT (design requirement) the servers are loosing the visibility, which real clients are connecting. Therefor the LTM should provide these information with internal logging (client-IP <-> VS <-> server-IP). But we are also using OneConnect, where logging of all sub-sequent requests of an existing server-side connection are getting "lost". Is there any solution available to still provide such a full logging information with OneConnect enabled? Or is disabling OneConnect the only solution? Thank you! Regards Stefan :)17Views0likes0CommentsHow to lift the connection limit for a given IP address ?
help me --------------------- when CLIENT_ACCEPTED { if {[IP::addr [IP::client_addr] equals 10.3.125.142 ] } { TCP::limxmit disable log local0. "#######limit disable action " } } ---------------------------- This script doesn't work, is there another way?38Views0likes2Commentsirule does not work in browsers other than google
Hello forum team, I wrote and implemented an irule for redirection. It doesn't work in Chrome without adding “/” at the end of the path. In Firefox and Ms edge it doesn't work at all. My irule is as follows: when HTTP_REQUEST { if { [HTTP::path] equals “/” } { HTTP::redirect “/wm/” } } Has anyone had experience with this?33Views0likes1CommentHelp with iRule Proxy
Hi team, I’m working on an iRule where I need to replace the path /admin with the root / and forward the request to the appropriate pool. However, I’m encountering issues with the rule, and it doesn't seem to work as expected. Here’s the first version I implemented: when HTTP_REQUEST { if {[string tolower [HTTP::host]] equals "test.com" and [HTTP::path] starts_with "/admin"} { HTTP::path [string map -nocase {"/admin" "/"} [HTTP::path]] pool POOL-A #log local0.info "Client Address --> [IP::client_addr] | Path: [HTTP::path] | Pool: POOL-A" } else { pool POOL-B #log local0.info "Client Address --> [IP::client_addr] | Path: [HTTP::path] | Pool: POOL-B" } } After some research, I saw that HTTP::path might need to be changed to HTTP::uri. I tried this version: when HTTP_REQUEST { # Log the original URI for debugging log local0. "Original URI: [HTTP::uri]" # Check if the URI starts with "/admin" if {[HTTP::uri] starts_with "/admin"} { # Modify the URI by replacing "/admin" with "/" set new_uri [string map {"/admin" "/"} [HTTP::uri]] HTTP::uri $new_uri # Log the modified URI for debugging log local0. "Modified URI: [HTTP::uri]" # Forward the request to the appropriate pool pool POOL-A } else { # Log default traffic for debugging log local0. "Default traffic - URI: [HTTP::uri], Pool: POOL-B" # Forward to the default pool pool POOL-B } } Issue: Neither version seems to work. When I test requests to /admin, the path replacement does not happen as expected or The replace of path does not allow me to reach any subfolders after root “/” (ex. help, etc etc) and on these objects we faced 404 not found error.Could someone point out what I might be missing or any best practices for this kind of path manipulation? Thanks!46Views0likes1Comment