High CPU utilization (100%).
I observed high CPU utilization (100%) on F5 device, resource provision ASM nominal. I checked the client-side throughput and server-side throughput both are normal but found management interface throughput is very high and what i noticed this is happening in same time period for last 30 days. What could be the reason for this spike. Many thanks in advanced for your time and consideration.
Telemetry Streaming: getting HTTP statistics via SNMP
Hi F5 community, I am looking to get HTTP statistics (total count, and broken by response code) metrics from Telemetry Streaming via SNMP (seems to be the most viable option). F5-BIGIP-LOCAL-MIB::ltmHttpProfileStat oid: .1.3.6.1.4.1.3375.2.2.6.7.6 However, the stats don't seem to come out correct at all: I do see deltas happening, but they don't match at all the traffic rate I expect to see. Furthermore, I have done some tests where I would start a load testing tool (vegeta) to fire concurrent HTTP requests, for which I do see the logs from the virtual server, but no matching increment in the above SNMP OID entries on none of the profiles configured. What am I doing wrong? does something need to be enabled on the HTTP profile in use to collect those stats? Best, Owayss
Help with iRule Proxy
Hi team, I’m working on an iRule where I need to replace the path /admin with the root / and forward the request to the appropriate pool. However, I’m encountering issues with the rule, and it doesn't seem to work as expected. Here’s the first version I implemented: when HTTP_REQUEST { if {[string tolower [HTTP::host]] equals "test.com" and [HTTP::path] starts_with "/admin"} { HTTP::path [string map -nocase {"/admin" "/"} [HTTP::path]] pool POOL-A #log local0.info "Client Address --> [IP::client_addr] | Path: [HTTP::path] | Pool: POOL-A" } else { pool POOL-B #log local0.info "Client Address --> [IP::client_addr] | Path: [HTTP::path] | Pool: POOL-B" } } After some research, I saw that HTTP::path might need to be changed to HTTP::uri. I tried this version: when HTTP_REQUEST { # Log the original URI for debugging log local0. "Original URI: [HTTP::uri]" # Check if the URI starts with "/admin" if {[HTTP::uri] starts_with "/admin"} { # Modify the URI by replacing "/admin" with "/" set new_uri [string map {"/admin" "/"} [HTTP::uri]] HTTP::uri $new_uri # Log the modified URI for debugging log local0. "Modified URI: [HTTP::uri]" # Forward the request to the appropriate pool pool POOL-A } else { # Log default traffic for debugging log local0. "Default traffic - URI: [HTTP::uri], Pool: POOL-B" # Forward to the default pool pool POOL-B } } Issue: Neither version seems to work. When I test requests to /admin, the path replacement does not happen as expected or The replace of path does not allow me to reach any subfolders after root “/” (ex. help, etc etc) and on these objects we faced 404 not found error.Could someone point out what I might be missing or any best practices for this kind of path manipulation? Thanks!ICAP with iRule Response Page without ASM
Hello, We are running on Big IP 13.1.1.4 TMOS code and set up Content Adaptation for HTTP request to check files uploaded through one our Website using ICAP. It's working fine but in case any virus is detected the ICAP server modify the response and show it's own response. But we would like to redirect the end-user to a dedicated and corporate web page of our website. I prepared the below Irule but it's now working. when ADAPT_REQUEST_RESULT { if { ([ADAPT::result] contains "respond") } { log local0. "ICAP Response is [ADAPT::result], let's customized reject page" set response { <html> <head> <title>Virus Detected</title> <meta http-equiv="refresh" content="0;URL='https://int-www-01.citizensfla.com/virus-test'" /> </head> </html> } HTTP::header remove Content-Length #HTTP::payload replace 0 [HTTP::payload length] "" HTTP::payload replace 0 0 $response } } How we could redirect the POST of the user to a dedicated page within our website if a virus is found using ICAP internal VS. Many thanks in advance for any help on this matter. Regards VijayPersistence: HTTP 200 OK to client hangs when server sends HTTP responses with Transfer-Encoding: chunked
All my problems come because I need an irule to persist sessions based on an specific field that goes through inside an HTTP packet. First the client need to do a Login and with the response we persist the session_id. HTTP POST HTTP 200 OK (session_id) HTTP GET (session_id) With the following irule i'm able to do that if the response comes with the header content-length. The problem is that we discovered that if the 200 OK from Login comes with Transfer-Encoding: chunked the 200 OK is received by F5 but the 200 OK that has to be sent to the client not. Bigip persists the connection but the connection between bigip and the client hangs and we are not sending the 200 OK to the client till the client closes the connection (tcp), after 60 seconds we saw the FIN,ACK and then the bigip sends the 200 OK to the client. 😞 when HTTP_REQUEST { log local0. "HTTP_REQUEST" if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576}{ set content_length [HTTP::header "Content-Length"] } else { set content_length 1048576 } if { $content_length > 0} { HTTP::collect $content_length } } when HTTP_REQUEST_DATA { set SessionId [findstr [HTTP::payload] "SessionId>" 10 "<"] if { not ([string length $SessionId] == 0) } { log local0. "Persist in HTTP_REQUEST_DATA for not login operations $SessionId" persist uie $SessionId 300 } } when HTTP_RESPONSE { if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048577}{ set content_length [HTTP::header "Content-Length"] } else { set content_length 1048577 } if { $content_length > 0} { HTTP::collect $content_length } } when HTTP_RESPONSE_DATA { set SessionId [findstr [HTTP::payload] "sessionId>" 10 "<"] if {[HTTP::payload] contains "Login"} { log local0. "Persist in HTTP_RESPONSE_DATA for login $SessionId" catch { persist add uie $SessionId 300 } } } ` This is the configuration of the rest of the elements. `ltm virtual /Common/VS_TEST { destination /Common/10.105.108.5:8998 ip-protocol tcp mask 255.255.255.255 persist { /Common/sessionid_profile { default yes } } pool /Common/OPCO1_INT_PROV_AGENT_Pool profiles { /Common/http { } /Common/oneconnect { } /Common/tcp { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled } I tried also changing the http profile, but it didn't solve my problem. Best Regards and Thanks in advance. Victor JoriXML : Modifiy SOAP header
Hello, I need a to modify the soap header in order to add a specific parameter. After the tag " " i should be adding the parameter " soap:mustUnderstand="1" " but the data contained in the tag should not be modified. The soap envelope is like this : [DATA] Then soap envelope should like this : [DATA] I know that i need to use the function stream in order to make it work but i need guidance on this one. What should i put in the iRule in order to just add this parameter ? Thank you for your help
