About Vulnerability Countermeasures
Thank you for your assistance. I would like to know if the following product is effective as a vulnerability countermeasure. Product name: F5 Rules for AWS WAF Common Vulnerabilities and Exposures Target vulnerability: CVE-2021-26691 CVE-2021-26690 CVE-2020-35452 We apologize for the inconvenience, but we would appreciate it if you could check on this issue as soon as possible. Thank you in advance for your cooperation.
F5 r10800 not connected to Cisco Nexus 9000
10G and 25G interfaces on F5 rSeries 10800 (F5os version 1.5.2 ) port fail to establish links with Cisco Nexus switches C93360YC-FX2 (nxos version 9.3.5) both side module model are: type is SFP-H25GB-SR name is F5 NETWORKS INC. part number is OPT-0053 is ther a solution to this problem??
F5 not Identifying Parameter in Text/Plain Upload
In a webkit: content disposition header, name="file" ; filename="EXAMPLE DOCUMENT 2024.txt" Content-type: text/plain Document data example system ( The issue is that there is already a parameter built at the URI for file as an upload, set to block executables. Yet, it seems that the F5 continues to scan the document and it is not picking up the built parameter. Is it doing this by design? Since F5 is able to parse text? This seems to happen on uploads whose content types are text and xml.
Creating iRule for Persistence Profile
Dear Community, Could you assist me in creating an iRule for a Persistence Profile requirement related to an SSO application? When users access our application via desktop, they are presented with a QR code for scanning through a mobile app to authenticate and gain access. The issue arises when, after browsing the website from the desktop (with the session routed to one node via F5 LTM), another request from the mobile app after scanning the QR code is routed to a different node. Ideally, both requests should be directed to the same node. To resolve this, the iRule needs to compare the var topic parameter with the QR_AUTHENTICATION_CHANNEL_ID from the mobile request and ensure both are directed to the same node attached is the screenshot of the code and HTML code of the website /*<![CDATA[*/ var endpoint = "\/qr-websocket"; var topic = "80f95f6f-cecf-4ab6-a70b-1196194e4baa"; var prefix = "\/qrtopic"; var stompClient = null; $(function () { var socket = new SockJS(endpoint); stompClient = Stomp.over(socket); stompClient.connect({}, function (frame) { stompClient.subscribe(prefix + '/' + topic + '/verify', function (result) { console.log(result.body); let body = JSON.parse(result.body); if (body.error) { $("#qrerror").show(); } else if (body.success) { stompClient.disconnect(); $("#qrerror").hide(); $("#qrform #token").val(body.token); $("#qrform #deviceId").val(body.deviceId); $("#qrform").submit(); } }); }); }); /*]]>*/ Regards Omran MohamedWhen user goes through LB the server page has stripped information
I have created a pretty simple round robin load balancing for a user with three servers. As a part of this I also have DNS LB in place that sends the traffic to two VIPs that are connected to the three nodes in a pool I have created on my LTM F5. User accesses the LB DNS URL I provide via Https://<>.com > VIP > Pool > Nodes. There is a certificate applied to the clientssl and serverssl profiles attached to the VIPs. The user is able to get to their backend servers/nodes when going through the load balancer, but we are coming across an interesting issue. When the user goes through the F5 the server dashboard page they usually see is stripped of information on that dashboard. Typically, there would be tiles shown on the server dashboard, but it is just the basic UI and none of the tiles. When the user goes directly to their server, all the information/tiles are shown as normal. I have never experienced this problem before and am not sure how to prove out the F5 is causing the issue or how it is happening. Any insight would be greatly appreciated! *Attached file shows what I'm explaining.
F5 AWAF Bot Defense Whitelist
According to https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/configuring-bot-defense.html, having whitelists can speed up access time to the website. Is it because WAF will not check those whitelisted URLs coming to the web site, thereby making it faster? (Faster when users access the web site because less traffic to be validated by WAF?)How to accept Application requests at WAF F5
Dear All, I just apply WAF policy. The enforcement mode is blocking. Policy Building learning mode "Manual" Policy Builder Learning Speed "Medium" Other setting is default setting. After apply this kind of configuration, the user can't finish registering an account at our website. When go to Event Logs -> Application the show the traffic has been blocking. Attack Types "JSON Parser Attack" But this is valid traffic. I try to accept this traffic, but after test again. The traffic will block again. So my question is, how to I permanently accept this traffic and no blocking in future.Unable to edit or modify Policy is Case Sensitive Option in F5 WAF
Hello Team, I've encountered an issue with the WAF Case Sensitive Option in Version 16.1.2.2 Build 0.0.28. In the Security Settings under Application Security, specifically within Security Policies, the "Policy is Case Sensitive" setting is enabled, (Login LB > Security > Application Security > Security Policies > Policies List > [XXX Policy] > General Settings >> Policy is Case Sensitive : Yes) Where I am unable to modify it directly. Despite my efforts to resolve this by downloading and re-uploading the policy, the option to change the case sensitivity remains inaccessible. Additionally, I reviewed a related support article which suggested using an iRule as a workaround for case sensitivity issues. The proposed iRule is as follows: when HTTP_REQUEST { HTTP::path [string tolower [HTTP::path]] } While this iRule effectively converts the request path to lowercase, it does not resolve the need to configure case sensitivity within the WAF Policy itself. I seek assistance in either enabling the option to modify the case sensitivity directly within the WAF Policy settings or in finding an alternative method to achieve the desired configuration. Any insights or advanced troubleshooting steps would be greatly appreciated. Thank you.Forward ASM event logs to Virtual server
Greetings. I want to forward the logs coming to ASM Policies to 2 syslog servers for the purpose of Failover Load balancing. For this I created a VS running on port 514 and I send to the pool running on port 514 but it doesn't go. When I send it with a regular log profile, the logs are forwarded to me, but it needs to go from VS as a load balance (fail-over).
