LTM Rewrite Profile for URI Translation
Anyone having success with this? I tried setting this up and cannot get it to work. My setup is a LTM VS with an APM policy applied. I created the rewrite profile from the LTM section and setup a URI/Server combination like: /SO_SO_IN --> https://backendserver.sample.com/my/new/uri/is/this I have an iRule setup for logging only and have events in to follow through the process. One of the events I have is the REWRITE_REQUEST_DONE and I never see it get triggered and the outgoing URL to the pool has the same host and uri in it. I am using this URL to get the image for the LTM/APM flow: https://devcentral.f5.com/articles/http-event-order-access-policy-manager Any thoughts for iRule logging to see if the rewrite profile is even being evaluated? I have set the APM log to debug and it looks like once it passes the ACL validation it passes straight back into the LTM. I have learned more about the F5 this week than I ever thought I would trying to figure this out and an issue with the LTM handing off to the APM when dealing with HTTP POST larger than around 64k.
f5 LB iRule Redirection for POST method
Hello guys, I need some help here. There user is hitting the url which has a VIP1 on LB1 and from there it is getting redirected to VIP2 on LB2 using an iRule. When I used 307 redirection, it didn't work for POST method as it was coming from some SOAP UI tool (Worked for GET). Am I missing something here? Trying to check if I need to modify my rule. when HTTP_REQUEST { set uri "[HTTP::uri]"switch -glob [HTTP::uri] { "/some_uri/*" { if { [string tolower [HTTP::method]] eq "POST" } { HTTP::respond 307 Location "https://test.example.com" } } default { pool some_pool } } } Please help. Thanks, R
Cannot POST files >60KB via BIGIP LTM
Hi, My Customers are facing an issue wherein the users not able to POST files >60KB to an application abc.xyz.com hosted on BIGIP. Below is the error they see, {"errors":["errors.adt.ci.metainfo.provider.not.found "]} However, they are able to send directly to the backend server without any issues. For the above VS on BIGIP, the default HTTP profile has been attached wherein the Maximum Header Size is as around 32KB. Is there anyway to increase this file limit or solve this issue ??? Thanks in advance, MSK
Collect and resend cookie headers and values in 307 POST redirect
Hi All, I am working on a solution to trigger a APM access policy logout and afterwards send the POST request with data and headers to the external website. The reason why I do this is quiet complex and I can explain this setup in another article. The issue is that the HTTP cookies and values are not being send to the external website. So I created the following Irule and when there is an APM allowed session and the URL /logmeout is triggered the session is closed and the client receives the redirect 307 with POST method and data, but the HTTP cookies are missing from the request. I was thinking to include a set cookie for each cookie but there are several cookies here which need to be resend. Is there perhaps an easier way to retrieve the original cookies and values store them in a variable and use it in the ACCESS::respond action? perhaps using the HTTP::cookie names method will that store all cookie names and values at once? when ACCESS_ACL_ALLOWED { if { [HTTP::uri] contains "/logmeout" } { log local0. "logout requested from IP [IP::client_addr] URI [HTTP::uri] query [HTTP::query]" ACCESS::session remove ACCESS::respond 307 Location "HTTPS://myredirectwebsite[HTTP::query]" } }
Inspect POST Request for Existence of Username Parameter
Is it possible to to check if a username has been provided in a POST request? Could this be done via HTTP::username command or would a HTTP::collect be needed to inspect the payload of the request? Would you be able to provide an example of how this might be done via an Irule.Print string found in Data Group to Log
I have an iRule that is looking in the HTTP POST request method data payload for a string that is defined in a data-group. I would like to print to the log whichever string from the referenced data-group is found. # See https://devcentral.f5.com/s/question/0D51T00006i7hpJSAQ/irule-to-block-requests-with-specific-word # #ltm data-group internal restricted_dg { #records { #restricted {} #} #type string #} when HTTP_REQUEST_DATA { set payload [HTTP::payload] if {[class match [string tolower $payload] contains "restricted_dg"]} { # set variable named restricted_text to the string found in $payload # that matches something in data-group restricted_dg log local0. "Rejecting restricted content $restricted_text" reject } }Please help with monitor doing a post!!!
Hi guys, I need your help please. I need to configure a monitor to do a post and get a 204, but it is not working. If I do a curl like this, I get the http 204 that I am looking: curl -X POST -sL '[http://192.168.10.131/api/rest/checks/v0/void](http://192.168.10.131/api/rest/checks/v0/void)' -H 'Authorization: Basic ZjUZjjU=' -H 'Content-Type: application/json' -d '{"data": ""}' -m 30 -v Below the monitor I configured and it is not working. ltm monitor http TEST_POST { adaptive disabled defaults-from http destination *:* interval 3 ip-dscp 0 recv "HTTP/1.1 (204)" recv-disable none send "POST /api/rest/checks/v0/void HTTP/1.1\r\nHost: 192.168.10.131\r\nAuthorization: Basic ZjUZjjU= \r\n" time-until-up 0 timeout 10 Thanks in advance and sorry in advance if the mistake is too silly.F5 Doesnt send POST request to ICAP
Hi All I have a VS on F5 which is an SSL Offloading VS to begin with and then also acts as content switching VS by the virtue of an irule. It also has some irules for basic stuff like Diable HTTP options in header and also redirect http to https ( well its not required but client has it there). Now I can see the F5 is sending all traffic to ICAP but that one POST for file upload. Just sends it to backend server. ICAP server here is Trend Micro Anyone faced similar issue before? We are v11.3.0 currently. Were on 11.6.1 and upgraded before I took up this issue. Let me know if you need further details.Persistence Across HTTP Methods
Problem this snippet solves: This code will provide persistence across GET & POST HTTP Methods using Client IP & SessionID as the persistence key. How to use this snippet: This code provides a simple structure that can be adapted to specific use cases. The code can be used as a standalone iRule or used along with Universal Persistence. It is recommended to enable OneConnect profile for this code in order to process individual HTTP Requests. Code : when HTTP_REQUEST { set HOST [string tolower [HTTP::host]] set SRCADDR [IP::remote_addr] if { $HOST contains "domain.com" } { #Match on HTTP Method GET if { [HTTP::method] equals "GET" } { set SESSIONID [findstr [HTTP::uri] "uuid=" 5 20] set KEY [crc32 $HOST$SESSIONID] #Persistence based on source address & session id present in URI persist hash $KEY 14400 #Start collecting content provided by POST method } elseif { (([HTTP::method] equals "POST") and ([HTTP::uri] contains "/amm/ampxml.jsp")) } { if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048} { set CONTENT [HTTP::header "Content-Length"] } else { set CONTENT 1048 } if { $CONTENT > 0 } { HTTP::collect $CONTENT } } } } #Persistence based on the POST content when HTTP_REQUEST_DATA { if { (([HTTP::method] equals "POST") and ([HTTP::uri] contains "/amm/ampxml.jsp")) } { set HOST [string tolower [HTTP::host]] set SESSIONID [findstr [HTTP::payload] "uuid=" 5 20] set KEY [crc32 $HOST$SESSIONID] persist hash $KEY 14400 } } Tested this on version: 11.5javascript fails with var is undefined
We use F5 with several upstream servers without SSL termination, and after our application update we faced some strange issues with undefined variables and pending xhr requests. Is there some advices for configuring F5 for slow and big server responses, does tcp-lan-optimized profile suitable for it?