Need iRule to block the traffic for specific URL
Hello Can somebody help on this please? I have LTM appliance &Virtual server 'https://www100.test.com' hosted. The requirement I have is to block all the traffic destinated to one of the application 'https://www100.test.com/ce' - is this something achievable by iRule If so do you have any idea on the iRule? Would appreciate somebody can help. Have seen this - https://support.f5.com/csp/article/K74012450 but that is looking too complex to me. Thanks
Redirect https to https virtual server Certificate question
Hi, i have to redirect a https request to a https virtual server , i have in mind to use an irule as follows: when HTTP_REQUEST { set url [HTTP::uri] if {[regexp {"STRING"} $url]} { virtual /Common/MyVirtual } } To do so , i have to set the HTTP profile (client) to http to be able to assing the corresponding Irule to the VS, but requests doesnt work as i have to select the SSL Profile , here the problem. i created a new SSL client profile and tried to set the Certificate Key chain, but doesnt work ( i think i did it wrong) The source https request is using a certificate, that i can see already stored at the F5 , inside file ca-bundle.crt , also from the source server i was able to get the certificate and tried to create a new certificate , but doesnt work , i think i'm missing the key or something. When creating the certificate it's mandatory to generate it as Certificate Authority? or it can be self? Note: i'm not very good at certificates with F5 , i know how to create irules, manage the F5 and so on .. but i'm lost with the certificates part. Thanks in advance.
F5 r10800 not connected to Cisco Nexus 9000
10G and 25G interfaces on F5 rSeries 10800 (F5os version 1.5.2 ) port fail to establish links with Cisco Nexus switches C93360YC-FX2 (nxos version 9.3.5) both side module model are: type is SFP-H25GB-SR name is F5 NETWORKS INC. part number is OPT-0053 is ther a solution to this problem??
About Vulnerability Countermeasures
Thank you for your assistance. I would like to know if the following product is effective as a vulnerability countermeasure. Product name: F5 Rules for AWS WAF Common Vulnerabilities and Exposures Target vulnerability: CVE-2021-26691 CVE-2021-26690 CVE-2020-35452 We apologize for the inconvenience, but we would appreciate it if you could check on this issue as soon as possible. Thank you in advance for your cooperation.
F5 not Identifying Parameter in Text/Plain Upload
In a webkit: content disposition header, name="file" ; filename="EXAMPLE DOCUMENT 2024.txt" Content-type: text/plain Document data example system ( The issue is that there is already a parameter built at the URI for file as an upload, set to block executables. Yet, it seems that the F5 continues to scan the document and it is not picking up the built parameter. Is it doing this by design? Since F5 is able to parse text? This seems to happen on uploads whose content types are text and xml.
Creating iRule for Persistence Profile
Dear Community, Could you assist me in creating an iRule for a Persistence Profile requirement related to an SSO application? When users access our application via desktop, they are presented with a QR code for scanning through a mobile app to authenticate and gain access. The issue arises when, after browsing the website from the desktop (with the session routed to one node via F5 LTM), another request from the mobile app after scanning the QR code is routed to a different node. Ideally, both requests should be directed to the same node. To resolve this, the iRule needs to compare the var topic parameter with the QR_AUTHENTICATION_CHANNEL_ID from the mobile request and ensure both are directed to the same node attached is the screenshot of the code and HTML code of the website /*<![CDATA[*/ var endpoint = "\/qr-websocket"; var topic = "80f95f6f-cecf-4ab6-a70b-1196194e4baa"; var prefix = "\/qrtopic"; var stompClient = null; $(function () { var socket = new SockJS(endpoint); stompClient = Stomp.over(socket); stompClient.connect({}, function (frame) { stompClient.subscribe(prefix + '/' + topic + '/verify', function (result) { console.log(result.body); let body = JSON.parse(result.body); if (body.error) { $("#qrerror").show(); } else if (body.success) { stompClient.disconnect(); $("#qrerror").hide(); $("#qrform #token").val(body.token); $("#qrform #deviceId").val(body.deviceId); $("#qrform").submit(); } }); }); }); /*]]>*/ Regards Omran MohamedWhen user goes through LB the server page has stripped information
I have created a pretty simple round robin load balancing for a user with three servers. As a part of this I also have DNS LB in place that sends the traffic to two VIPs that are connected to the three nodes in a pool I have created on my LTM F5. User accesses the LB DNS URL I provide via Https://<>.com > VIP > Pool > Nodes. There is a certificate applied to the clientssl and serverssl profiles attached to the VIPs. The user is able to get to their backend servers/nodes when going through the load balancer, but we are coming across an interesting issue. When the user goes through the F5 the server dashboard page they usually see is stripped of information on that dashboard. Typically, there would be tiles shown on the server dashboard, but it is just the basic UI and none of the tiles. When the user goes directly to their server, all the information/tiles are shown as normal. I have never experienced this problem before and am not sure how to prove out the F5 is causing the issue or how it is happening. Any insight would be greatly appreciated! *Attached file shows what I'm explaining.F5 AWAF Bot Defense Whitelist
According to https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/configuring-bot-defense.html, having whitelists can speed up access time to the website. Is it because WAF will not check those whitelisted URLs coming to the web site, thereby making it faster? (Faster when users access the web site because less traffic to be validated by WAF?)How to accept Application requests at WAF F5
Dear All, I just apply WAF policy. The enforcement mode is blocking. Policy Building learning mode "Manual" Policy Builder Learning Speed "Medium" Other setting is default setting. After apply this kind of configuration, the user can't finish registering an account at our website. When go to Event Logs -> Application the show the traffic has been blocking. Attack Types "JSON Parser Attack" But this is valid traffic. I try to accept this traffic, but after test again. The traffic will block again. So my question is, how to I permanently accept this traffic and no blocking in future.
