how to redirect from port to another port and to hide the port from the url of client side?
client should type abc.xyz , should be redirected to https://abc.xyz, however server is listening to abc.xyz:9000, client shouldn't see port 9000. so how to redirect http to https with adding port a hidden port 9000?
BIG-IP : http profile : insert multiple headers
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi Via the web-admin, I can create/edit an http profile and set this field : Request Header Insert = "X-Forwarded-Proto:http" But what if I want to insert multiple headers ? What is the syntax ? Further, does Request Header Insert erase any pre-existing request headers ? Also, I set Insert X-Forwarded-For to Enabled but logs do not show header X-Forwarded-For to be present.BIG-IP : http profile : insert x-forwarded-for : enabled
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi HTTP Profile Insert X-Forwarded-For : Enabled Suppose the client has already added the "X-Forwarded-For" header value to the request. How will BIG-IP behave ? Will it leave the existing header value intact ? Or will it overwrite the value with what it believes to be the request client ip ? Further, at what point in request-processing does the insert/replace header operation occur ? Does it occur before iRule processing so that the header value is available within the iRule event processing when HTTP_REQUEST {} ?
Simple HTTP session termination then back end session to web server
Hello Gurus! I'm VERY new to LTM but I suspect this one will be simple. I've got an internal web app that simply uses http on port 80 from a company we acquired, which is currently on their local AD domain. We'll call it http://currenturl.olddomain.local/webapp. In order to get our users that come in over our global WAN into a higher queue in QOS I need them to make connections on a custom port (8052), but we don't want to change the web server. So, I want provide the users across the pond a totally different URL that terminates at the F5 on http port 8052 (http://newurl.ourdomain.com:8052/) and then have the F5 proxy the session to the web server by opening a new connection on the back end to the web server on the actual URL (http://currenturl.olddomain.local/webapp). Any help or article references would be much appreciated!
JavaScript is not been compressed by HTTP compression profile
i've enabled HTTP compression profile for my one of the web application with Content list box check marked.I've include keyword "text/javascript" and "application/javascript" in content list box.after updating the HTTP profile to Virtual server and seems that Javascript content in HTTP header is not getting compressed by http profile. Content Type Compression (bytes)Pre-CompressPost-Compress HTML 8.3T 1.9T CSS 3.6M 922.7K JavaScript 0 0 XML 291 233 Any thoughts?
Script to export list of Virtual Servers attached with HTTP profiles
Hi, I'm been asked to update all the virtual servers having http profile with logging iRule. Now, in my environment I have thousands of virtuals servers in each BIG IP of APAC/ EMEA / US and therefore it would be laborious process to extract all this information and attach iRule to them. I'm looking for some script (to find virtual servers having http profile) that I can run on LTM which could be exported into excel so as to send that details to CAB meeting in our system and also it would be easy for me to delegate some of the work and to perform check and balance. It would be great if anyone can help me in this. Thanks, Sai
Device not outputting HTTP Header error into syslog?
I have a production BIG-IP running v15.1.0.4 that is showing unexpected behaviour on a certain LTM error code. I was trying to troubleshoot some connectivity errors and it turned out that the client was sending an oversize HTTP Request header which was greater than the byte limit set in the HTTP "Max header size" value. Normally we would expect to see error code 011f0005 "HTTP header (xxx) exceeded maximum allowed size of 32768" but in this case nothing was observed. A different request with more than the maximum *number* of headers did trigger the separate event "011f0011:3: HTTP header count exceeded maximum allowed count", so the LTM logging is working fine for other codes, just not the header size one. I've compared the same requests on a different F5 pair running the same software version that front a test version of the website affected, and the log entry is being output to syslog as expected, so it seems specific to this production device pair. Is there any way to check lower level logging settings or compare sys db flags between these two pairs so I can try and work out why the error didn't log as expected? Thought it was worth an ask on here prior to raising a suport ticket. Many thanks, DanOWA + http profile not working
I need help getting Outlook Web App working. We currently have a test environment with exchange. We have OWA working just fine. The user goes to:https://outlook-test.mycompany.com. The default html on the www root redirects them to https://outlook-test.mycompany.com/owa. Then it hits the OWA app (I presume) and gets redirected to:https://outlook-test.mycompany.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook-test.mycompany.com%2fowa%2f. That all works fine, but here comes the F5 part. I need to start moving things behind the F5, and the exchange environment is not currently behind the F5. For a separate project I need to setup external access to OWA using F5 APM and SAML. What I’m trying to do is get it working in our test environment without breaking the current OWA access. I can get it working, but once I get into the APM aspect it breaks, so I’m taking a few steps back and trying to figure out what is breaking it. Scenario 1 – THIS WORKS Setup a virtual server using the IIS template. Set up SSL passthrough, point the VIP at the two two CAS/HUB servers. This works! The user goes to:https://outlook-test-f5.mycompany.com. The default html on the www root redirects them to https://outlook-test-f5.mycompany.com/owa. Then it hits the OWA app (I presume) and gets redirected to:https://outlook-test-f5.mycompany.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook-test-f5.mycompany.com%2fowa%2f. However, to use an access policy I need to have an HTTP profile. When I add an HTTP profile then everything breaks. After doing a little reading I came to the conclusion that if I had an HTTP profile that I needed to do SSL bridging. So I changed it from SSL pass through to SSL bridging and created an SSL client and SSL server profile. Once I add a client and server SSL profile (as well as an HTTP profile) I hit the F5 and it looks like I’m getting the “root” redirect to /owa, but (see step 2 above) but then I never get the next redirect to /owa/auth/logon.aspx… I know little to nothing about OWA. Not sure why I can get this to work without the HTTP profile doing SSL passthrough, but then break it as soon as I start doing SSL bridging. Thoughts?