event
193 TopicsF5 ASM Response logging show different timezone from Request logging
Dear All Respected Members, I have a question on f5 AWAF response logging. I am setting up a WAF policy to block attacks and monitor all traffic to and from the real servers. I can see the logs generated for both request & response, but it shown incorrect log timezone for responses. BIG-IP, real server and client are set local time zone GMT+7, but the repone logs are GMT. I have double checked timezone on all devices are configure correctly. Could you advise me what is the root cause and how to fix it? Thanks.136Views0likes2CommentsSingle node serving more traffic than other nodes in the pool.
Hi Team - I have a question on the below setup, i am a starter in F5 and recently came across in F5 that one node in the pool is serving more traffic than others. - load balancing method is - Round robin no Persistance configured. I am not sure what is making one node to send and receive more traffic than other nodes. Can someone let me know the reason for this behavior.. Thanks in advance.66Views0likes5CommentsK000136009 mount: /usr is busy
Hello Community, I've tried to follow the instructions on K000136009. It works except for point 4. Remount command shows "mount: /usr is busy" Is there any way to resolve the issue without a device reboot? After a reboot the /user partition is operating in read only again. Many thanks rschwarzSolved33Views0likes2CommentsLogging Server-IP with OneConnect
Due to the usage of SNAT (design requirement) the servers are loosing the visibility, which real clients are connecting. Therefor the LTM should provide these information with internal logging (client-IP <-> VS <-> server-IP). But we are also using OneConnect, where logging of all sub-sequent requests of an existing server-side connection are getting "lost". Is there any solution available to still provide such a full logging information with OneConnect enabled? Or is disabling OneConnect the only solution? Thank you! Regards Stefan :)13Views0likes0CommentsHow to lift the connection limit for a given IP address ?
help me --------------------- when CLIENT_ACCEPTED { if {[IP::addr [IP::client_addr] equals 10.3.125.142 ] } { TCP::limxmit disable log local0. "#######limit disable action " } } ---------------------------- This script doesn't work, is there another way?38Views0likes2Commentsirule does not work in browsers other than google
Hello forum team, I wrote and implemented an irule for redirection. It doesn't work in Chrome without adding “/” at the end of the path. In Firefox and Ms edge it doesn't work at all. My irule is as follows: when HTTP_REQUEST { if { [HTTP::path] equals “/” } { HTTP::redirect “/wm/” } } Has anyone had experience with this?29Views0likes1CommentHelp with iRule Proxy
Hi team, I’m working on an iRule where I need to replace the path /admin with the root / and forward the request to the appropriate pool. However, I’m encountering issues with the rule, and it doesn't seem to work as expected. Here’s the first version I implemented: when HTTP_REQUEST { if {[string tolower [HTTP::host]] equals "test.com" and [HTTP::path] starts_with "/admin"} { HTTP::path [string map -nocase {"/admin" "/"} [HTTP::path]] pool POOL-A #log local0.info "Client Address --> [IP::client_addr] | Path: [HTTP::path] | Pool: POOL-A" } else { pool POOL-B #log local0.info "Client Address --> [IP::client_addr] | Path: [HTTP::path] | Pool: POOL-B" } } After some research, I saw that HTTP::path might need to be changed to HTTP::uri. I tried this version: when HTTP_REQUEST { # Log the original URI for debugging log local0. "Original URI: [HTTP::uri]" # Check if the URI starts with "/admin" if {[HTTP::uri] starts_with "/admin"} { # Modify the URI by replacing "/admin" with "/" set new_uri [string map {"/admin" "/"} [HTTP::uri]] HTTP::uri $new_uri # Log the modified URI for debugging log local0. "Modified URI: [HTTP::uri]" # Forward the request to the appropriate pool pool POOL-A } else { # Log default traffic for debugging log local0. "Default traffic - URI: [HTTP::uri], Pool: POOL-B" # Forward to the default pool pool POOL-B } } Issue: Neither version seems to work. When I test requests to /admin, the path replacement does not happen as expected or The replace of path does not allow me to reach any subfolders after root “/” (ex. help, etc etc) and on these objects we faced 404 not found error.Could someone point out what I might be missing or any best practices for this kind of path manipulation? Thanks!45Views0likes2Comments201 Recommendations for Study
Hello mates, I am a new member of the forum😀 I have to retake my 201 exam again in February and it´s been a while since the last time I touch a F5 device. I tried to look for the PDF which, as I remember, it was pretty solid material for the exam and the last time, I was able to pass the exam at the first attempt by only using the study guide and a F5 device I had on the lab. But I´ve seen recently that the guide is not longer available where it was: https://clouddocs.f5.com/training/community/f5cert/html/class3/class3.html May you kindly recommend me documentation and good material for my study. Much appreciate it! Regards,1.9KViews0likes9CommentsProblems connecting to vpn after upgrading to ubuntu 24.04
good afternoon, I have upgraded ubuntu to 24.04 and since then I can no longer connect correctly to the vpn with the f5 client. In the client it appears that I am connected to the vpn, but then I do not reach any of the sites and servers that with the 22.04 version if it arrived. Can you help me.3.6KViews2likes8CommentsHow to accept Application requests at WAF F5
Dear All, I just apply WAF policy. The enforcement mode is blocking. Policy Building learning mode "Manual" Policy Builder Learning Speed "Medium" Other setting is default setting. After apply this kind of configuration, the user can't finish registering an account at our website. When go to Event Logs -> Application the show the traffic has been blocking. Attack Types "JSON Parser Attack" But this is valid traffic. I try to accept this traffic, but after test again. The traffic will block again. So my question is, how to I permanently accept this traffic and no blocking in future.45Views0likes4Comments