Forwarding to Different Port Replaces the Host Header
We use F5 in front of an AWS ALB for firewall purposes. In our virtual server, we forward our https requests to port 85. When the request arrives at our web tier, the request has the host header of our external url with ":85" appended to it. We want the behaviour to be when the request is forwarded, even to a different port, the host header remains the same in order for OpenID to work correctly. Please let me know if there is a workaround for this, and thanks in advance.Modify HTTP response from ICAP server on BigIP
Hi all, I'm facing the following problem with an ICAP setup: What we want is AV scanning of file uploads to a web page using ICAP on the BigIP. This is done by using a request adapt profile in conjunction with an internal virtual with ICAP profile. We want all POST requests to a specific upload path to be sent to an ICAP server that performs AV scanning. When finding an infected upload, the ICAP server will respond with an ICAP result "respond" (instead of "modify") and return an http 403 error page (we cannot change that behaviour). The upload (POST request) will not reach the webserver in that case. Up to that point, we could get all of this working properly. Unfortunately, the client application (third party product) will throw an unexpected and undefined error upon receiving an http 403 status code. In order to display a meaningful error message to the end user, the application expects an http status code 901 instead. As already mentioned, we can neither change the http 403 error returned by the ICAP server (third party product), nor the need/expectation for an http 901 status by the web application (also third party product). Hence, we plan to rewrite the http 403 reply (of the ICAP server) into an http 901 status on the bigip, resulting in the following setup: click here I tried to address this issue with the following iRule: when HTTP_REQUEST { if { [HTTP::uri] starts_with "/some/path/to/file/uploads" } { log local0. "Upload detected - activating ICAP" ADAPT::enable request true set icap_enabled 1 set icap_respond 0 } else { ADAPT::enable request false set icap_enabled 0 set icap_respond 0 } } when ADAPT_REQUEST_RESULT { set result [ADAPT::result] log local0. "ICAP RESULT received. Result: $result" if { $result == "respond" } { set icap_respond 1 log local0. "ICAP MATCH respond" } } when HTTP_RESPONSE { if { $icap_enabled == 1 } { if { $icap_respond == 1 } { HTTP::respond 901 log local0. "Upload ICAP response detected - sending http 901 to client." } } } Unfortunately, this does not work, since the HTTP_RESPONSE event will not be triggered by the ICAP response, because it is not coming from a server as the wiki page states: HTTP_RESPONSE is specific to a server response passing through the load balancer, and is not triggered for locally-generated responses HTTP_RESPONSE_RELEASE is also not a suitable event, because it does not allow HTTP::respond actions. Trying to do the HTTP::respond action within the ADAPT_REQUEST_RESULT event block will result in TCL errors during execution and break down the whole virtual. Does anybody have ideas on how to address this issue properly? I'm running out of ideas. Many thanks in advance! Martin
HTTP Monitor
Hi, I want to set an HTTP monitor with the "Receive String" and the "Receive Disable String" so my application return the below results : {"EXCEPTION":false,"RESULT":"{\"DBUp\":true,\"serverUp\":true}"} ==> app is OK {"EXCEPTION":false,"RESULT":"{\"DBUp\":true,\"serverUp\":false}"} ==> app is not OK {"EXCEPTION":false,"RESULT":"{\"DBUp\":false,\"serverUp\":true}"} ==> app is not OK {"EXCEPTION":false,"RESULT":"{\"DBUp\":false,\"serverUp\":false}"} ==> app is not OK my configuration is : Receive String : (true.*true) Receive Disable String : (DBUp\W{3}false)|(serverUp\W{3}false) but this monitor is not working, any one can help please ? Regards,
Analytics : HTTP : Transactions - Export Top URL
Hello, I'm using AVR (Application Visibility Reporting)for my F5 Big IP LTM traffic. When i'm going to my statistics, I can see 29 975 total entries for my URL. But When I try to export all of these URLs in CSV format, my CSV file contains only the first 10 entries. Do I need to apply a particular method to export all of my 29,975 entries to the same CSV file to process this data? Thanks for your help, HugoHTTP to HTTPS redirect over the same port
Hello, i hope you can help me. I need an http to https redirect to the same port. For example I enter the URL http://dev.intern.com:25001 and I want to get redirected to https://dev.intern.com:25001. I tried a second virtual server but this didn't work because the loadbalancer can't have two the same IP and ports for a second server which redirects it with an irule to the https virtual Server which is understandable. Thank you already and best regards!