How can I preserve the original HTTP Host Header to the Backendservers?
Hi guys, I'm trying the following configuration to loadbalance a RH SSO Key cloack Cluster: clientIP -> https/443 -> (clientssl-Profile) F5-Virtual Server (serverssl-Profile) -> SNAT-IP -> tcp8443 -> Backendserver The Backendserver need to see the original client http Header, so I created a http Profile with the "Insert X-Forwarded-For"-Option enabled. Alternative I tried the following iRule: when HTTP_REQUEST { HTTP::header insert X-Forwarded-For [IP::client_addr] } Unfortunaly, both ways didn't work properly... How can I preserve the whole original HTTP Host Header trough the F5 to the Backendservers? Thank you!
Redirect TCP connections from port 443 to 80
Hi All We have a port 80 and 443 VIP configured for 301 redirections to send sites to specific pages on a target branding site. We use 301 redirects and it works just fine via irule. However, for this to work for HTTPS requests, we need a cert and SSL profile to decrypt the request and then redirect it. The same irule is in use for both the 80 and 443 VIPs I'm wondering whether it's possible to do a basic 'when client_accept/connect' irule to force ALL connections to the VIP to go to the port 80 version so that we don't need to keep purchasing certs for 'old' websites. Perhaps another option would be to set a single client_ssl profile on the 443 VIP, use a 'when clientssl_handshake' iRule and try redirect to 80 that way, but I have my doubts. This is a bit beyond my current iRule skills.... Cheers
Disable ASM illegal HTTP status response logging
Hello, my ASM policy setting looks like this: Why do I still get Application Request Logs where the only violation is I am fine with the blocking of unallowed HTTP status codes but I was expecting that the unchecked alarm box would prevent these logs. Do I have to define a special log profile for this? It is set to "log illegal requests". Thank you
HTTP Health Monitor in LTM
Hi Folks, We've following requirement to configure HTTP health monitor and this is what we need to implement. Type Send Receive HTTP GET /Sample/healthchecksimple HTTP/1.1 200|OK HTTP GET /Sample123/servlet/fcs/ping HTTP/1.1 200|System Current Time HTTP GET /sample456/test-alive HTTP/1.1 200|OK HTTP GET /Sample789/manager?query=monitoring HTTP/1.1 302 HTTP GET /Sample459/monitoring/healthcheck HTTP/1.1 200|OK HTTP GET /Sample324/servlet/fcs/ping HTTP/1.1 200|System Current Time HTTP GET /Sample438/monitoring/healthcheck HTTP/1.1 200|OK HTTP GET /healthcheck HTTP/1.1 200|OK Would like to know if this is correct syntax for Send and Receive string or need to modify? we need to associate this to pool.What to do after HTTP::respond ?
Hello, I currently have a maintenance-unavailable iRule that returns a HTML page when the vs is in maintenance mode (value in datagroup list) or is not available. (LB_FAILED) My first check is if the URI is an image that is linked to in the page. If yes, HTTP::respond with a Connection: Close header, disable all future iRule events & TCP::close. This seems a very hacky way of doing this. I manually close the TCP connection because for some apps, we have an IIS request forwarder in front of the bigip that may do connection pooling; event disable all would disable all iRules for all applications on that TCP connection. How are you all doing this? priority 50 when HTTP_REQUEST { if { [HTTP::uri] eq "/bip-company-logo.gif" }{ HTTP::respond 200 content [ifile get "company-logo"] noserver Content-Type image/gif Connection Close event disable all TCP::close return } if { [class match -value [virtual name] equals "maintenance-list"] eq "1" } { if { [HTTP::uri] eq "/favicon.ico" }{ HTTP::respond 404 noserver Connection Close event disable all TCP::close return } if { [virtual name] starts_with "/ITSS/" }{ set contact "your Regional Helpdesk" } else { set contact "Application Support () or your Regional Helpdesk" } HTTP::respond 200 content " Down for maintenance - company Maintenance This application is currently undergoing maintenance. It should be available again within the specified time period. For any questions, please contact $contact. " noserver Connection Close event disable all TCP::close } } when LB_FAILED { if { [virtual name] starts_with "/ITSS/" }{ set contact "your Regional Helpdesk" } else { set contact "Application Support () or your Regional Helpdesk" } HTTP::respond 503 content " Application Unavailable - company Application unavailable This application is currently not available. Please contact $contact. " noserver Connection Close event disable all TCP::close }
