https
68 Topics

Redirect TCP connections from port 443 to 80
Hi All, We have a port 80 and 443 VIP configured for 301 redirections to send sites to specific pages on a target branding site. We use 301 redirects and it works just fine via iRule. However, for this to work for HTTPS requests, we need a cert and SSL profile to decrypt the request and then redirect it. The same iRule is in use for both the 80 and 443 VIPs. I'm wondering whether it's possible to do a basic 'when client_accept/connect' iRule to force ALL connections to the VIP to go to the port 80 version so that we don't need to keep purchasing certs for 'old' websites. Perhaps another option would be to set a single client_ssl profile on the 443 VIP, use a 'when clientssl_handshake' iRule and try to redirect to 80 that way, but I have my doubts. This is a bit beyond my current iRule skills.... Cheers
2.2K Views | 0 likes | 1 Comment

OpenSSL and Heart Bleed Vuln
Get the latest updates on how F5 mitigates Heartbleed
Hi Team, I know this question is eventually going to be asked - I may as well do it. With the news today about the Heartbleed OpenSSL Vulnerability (http://heartbleed.com) I wanted to confirm if we are at any risk. All of my LTM V11 and V10 instances are running OpenSSL 0.9.8x which does not appear to be a vulnerable version of OpenSSL... Does the F5 hook into this when we Sign/Request SSL Certs? If so we're sitting pretty, right? Thanks.
Updates based on feedback:
Update 2: F5 have published a security advisory on this issue - http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
2.1K Views | 0 likes | 52 Comments

SSLO HTTPS conversion to HTTP for NGFW inspection
Hi all, I am new to the BIG-IP SSLO and I was playing around with it in order to see if I can enhance my NGFW visibility instead of moving to a bigger box. The BIG-IP has been moved as the default gateway for all users and acts as a transparent proxy. All users have been provisioned the CA certificate and exceptions for pinned and sensitive sites have been provisioned and are working as intended. The main idea is that I want to decrypt HTTPS traffic and send it over a Layer2/3 path via the NGFW in order to examine traffic and then re-encrypt it before being sent over to the internet. I have everything working as intended except the HTTPS-to-HTTP-to-HTTPS. Is this something which can be done by the SSLO? Thank you, Konstantinos
Solved | 1.9K Views | 0 likes | 10 Comments

How does https send string work?
Hi Team, How does the below send string work? What is the exact meaning of this send string path? Can someone please explain in detail based on the below mentioned send string.
Send string: GET /PasswordVault HTTP/1.1\r\nHost: example.xyz.com\r\nConnection: Close\r\n\r\n
Receive string: 200
1.7K Views | 0 likes | 2 Comments

High CPU utilization (100%).
I observed high CPU utilization (100%) on an F5 device, resource provisioning ASM nominal. I checked the client-side throughput and server-side throughput; both are normal, but I found the management interface throughput is very high, and what I noticed is that this has been happening in the same time period for the last 30 days. What could be the reason for this spike? Many thanks in advance for your time and consideration.
1.6K Views | 0 likes | 14 Comments

F5 Telemetry to Node Exporter
Hello, I want to stream F5 Telemetry to Node_exporter because node exporter is integrated with Oracle cloud. However, the node_exporter config accepts only HTTP URLs; as we know, the F5 endpoint is HTTPS and also uses a user/password. I have tested the endpoint working on POSTMAN. Any workaround for that?
Solved | 1.6K Views | 0 likes | 5 Comments

https connection with URI shows as not secured?
Hi Team, We have a new VIP with url https://example.test.com, but when we try to access the url with uri it says "The information you're about to submit is not secure"
https://example.test.com >> WORKS
https://example.test.com/sap/saml2/sp/acs/100 >> error: "The information you're about to submit is not secure"
Please advise.
1.6K Views | 1 like | 6 Comments

HTTPS Monitor fails after changing TLS Version
Hello, following problem: we've some pools with https monitors like this:
send string: GET /some/pingservlet HTTP/1.0\r\n\r\n
receive string: 200 OK
no alias service port, no server ssl-profile
Now the server admin changed on the server from apache with tls 1.0 to tomcat with tls 1.2. After that the monitor fails, but when I change the monitor on the pool to tcp or something like this, the server is up, and when I now change the monitor back to the original https monitor, the server is still up. When I check with curl -vk while the server is marked down I could still see "HTTP/1.1 200 OK". Any idea why the monitor fails, and why after changing and changing back the monitor shows up? Thank You
Solved | 1.4K Views | 0 likes | 4 Comments

L7 https ACL with APM SSL VPN not working
Hi, I am building a POC for Client SSL VPN with F5 APM in AWS. Since we are using AWS I would like to use L7 ACLs instead of L4 since IP addresses keep changing in AWS. I got it working for http but not for https. In another post I found this: https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-config-11-4-0/apm_config_resources.html147209
You can use a Layer 4 or Layer 7 ACL with network access, web applications, or web access management connections, with the following configuration notes. With network access, you can use a Layer 7 ACL that is configured to provide access control for port 80 HTTP connections. However, if you want to provide access control for anything that is not on port 80, you must create a second virtual server, configured with the IP address to which the ACL entry applies, and the default access profile, access. For HTTPS network access connections, you can use Layer 7 ACL entries only if the virtual server has the private key of the backend server.
Does that really mean I will have to create an additional VS for every single URL I want to access via https and also need the key for that URL? I hope not. Thanks.
1.4K Views | 0 likes | 2 Comments