iRules
19443 Topics

iRule, Traffic Policy or Re-Write Policy
Hi, I have created an iRule that maps source addresses to a particular pool:

    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals clients1] } {
            pool POOL_1
        } elseif { [class match [IP::client_addr] equals clients2] } {
            pool POOL_2
        } elseif { [class match [IP::client_addr] equals clients3] } {
            pool POOL_3
        } elseif { [class match [IP::client_addr] equals clients4] } {
            pool POOL_4
        } elseif { [class match [IP::client_addr] equals clients5] } {
            pool POOL_5
        } else {
            pool POOL_6
        }
    }

I have a re-write policy that changes the URI https://example.com to https://examples.com/test

When the connection completes to the backend servers, they respond with their hostname in the browser. I want to keep https://example.com on the client side but I'm not sure how to achieve this. I thought I could do a response within my re-write policy but this fails. I then looked at traffic policies but already have an ASM policy attached.

Should I try and achieve everything under one iRule (if so, how might I do this)?

- It replaces the original URI with a new URI (going to the server)
- Have my current source to pool mapping
- Replace the server hostname with the original URI https://example.com

Thanks for any pointers

126 Views | 0 likes | 8 Comments

Is it possible to select ASM BoT profile from irule?
Hi.

Is it possible to select a BoT profile from an iRule?

The concept is we have a different set of IPs which need to allow "some" BoT types. That's why we can't use a whitelist IP in the BoT profile, because it will allow all BoT types. So we want to use an iRule to check: if it is IP A > use the BoT profile which has some exceptions, but if it is any other IP > use the normal BoT profile.

    when HTTP_REQUEST {
        # Check IP and select BoT profile from that
        if { [IP::client_addr] eq "A" } {
            ASM::enable allow_some_bot_profile
        } else {
            ASM::enable normally_bot_profile
        }
    }

P.S. I didn't see any document about how to select a BoT profile, so I'm not sure if ASM::enable can do that.

49 Views | 0 likes | 3 Comments

MQTT Broker - logging irule
Hi, I am trying to set up an MQTT LTM VS and running into a few issues. I was trying to use some of the sample iRules to capture some more logging but can't quite figure out this one that should log the messages:

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-iot-administration-13-0-0/1.html

    Common/irule_mqtt_loggging:14: error: [undefined procedure: MQTT::message_id][MQTT::message_id]
    /Common/irule_mqtt_loggging:26: error: ["The command does not expect argument."][MQTT::message topics qos $topic]

I had thought that these were standard variables that could just be used... If anyone has managed to get this working, any help would be appreciated.

Thanks
Chris

627 Views | 0 likes | 1 Comment

iRule or Re-write Profile
I'm trying to work out how to do the following.

- I have an iRule that is directing source traffic (based on IP) to a specific pool
- I have a rewrite policy > changing https://example.com to https://example.com/text

This is all working.

The problem I have is that I'd like https://example.com to stay the same in the client's browser. But after the client connects to the backend servers, they return a URI https://host1.com. I'd like that to appear as https://example.com.

I looked at my rewrite policy and was thinking I could do a response. This doesn't appear to work.

Should I be using a single iRule to:

- Replace the name (inbound)
- Direct to a pool
- Replace the name (outbound)

88 Views | 0 likes | 2 Comments

F5 AWAF/ASM ASM_RESPONSE_VIOLATION event seems not to trigger on 17.1.x
Hey Everyone,

The F5 AWAF/ASM ASM_RESPONSE_VIOLATION event seems not to trigger on 17.1.x. I have enabled iRules support in the WAF policy and I tested in Normal and Compatibility mode, but no luck. The other events trigger without an issue. I created 2 custom signatures for response and request match, and the request match one has no issues, so it seems a bug to me.

This can be easily tested with the below iRule that logs to /var/log/asm:

    when ASM_REQUEST_DONE {
        log local3. "test request"
    }
    when ASM_RESPONSE_VIOLATION {
        log local3. "test response"
    }

The custom response signature is in the policy to just trigger an alarm. I tried a string or regex match " (?i)failed " PCRE-style, as F5 15.x and up are using this regex style.

61 Views | 0 likes | 0 Comments

Irules persistence source_addr
Hi, I have a requirement where someone who hits www.bac.com/admin is redirected to www.abc.com/admin-login.html and then persists with the server even if they go back to the main page. I have written an iRule, maybe not pretty, but I want to do some testing with source persistence. The iRule looks like:

    when HTTP_REQUEST {
        log local0. "host: [HTTP::host] , url: [HTTP::uri] , proto [TCP::local_port]"
        switch [string tolower [HTTP::host] ] {
            "www.abc.com" {
                if { [string tolower [HTTP::uri] ] equals "/admin" } then {
                    HTTP::respond 302 Location "admin-login.html"
                }
                if { [string tolower [HTTP::uri] ] equals "/admin-login.html" } then {
                    persist source_addr 255.255.255.255 3600
                }
                if { [persist lookup source_addr "[IP::client_addr] any virtual " node] ne ""} then {
                    set mypool [persist lookup source_addr "[IP::client_addr] any service " pool ]
                    set mynode [persist lookup source_addr "[IP::client_addr] any service " node ]
                    set myservice [persist lookup source_addr "[IP::client_addr] any service " port ]
                    pool $mypool member $mynode
                    log local0. "pool:$mypool , node: $mynode , service: $myservice"
                    persist source_addr 255.255.255.255 3600
                    log local0. "pool:$mypool , node: $mynode , service: $myservice"
                }
            }
        }
    }

When I look into the logs I can see that the pool and service are changing, however in the persistent table it is still the same. I just wonder why that is.

    Oct 2 11:29:05 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: / , proto 80
    Oct 2 11:29:06 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: / , proto 80
    Oct 2 11:29:13 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: /test.html , proto 80
    Oct 2 11:29:20 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: /admin , proto 80
    Oct 2 11:29:20 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: /admin-login.html , proto 80
    Oct 2 11:29:34 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: / , proto 80
    Oct 2 11:29:34 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool1-5 , node: 192.168.200.11%1 , service: 80
    Oct 2 11:29:34 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool1-5 , node: 192.168.200.11%1 , service: 80
    Oct 2 11:29:45 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: / , proto 443
    Oct 2 11:29:45 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool-https , node: 192.168.200.11%1 , service: 81
    Oct 2 11:29:45 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool-https , node: 192.168.200.11%1 , service: 81
    Oct 2 11:29:57 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: /test.html , proto 443
    Oct 2 11:29:57 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool-https , node: 192.168.200.11%1 , service: 81
    Oct 2 11:29:57 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool-https , node: 192.168.200.11%1 , service: 81
    Oct 2 11:30:05 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: /test.html , proto 80
    Oct 2 11:30:05 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool1-5 , node: 192.168.200.11%1 , service: 80
    Oct 2 11:30:05 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool1-5 , node: 192.168.200.11%1 , service: 80

    TMM           0
    Mode          source-address
    Key           192.168.199.1
    Age (sec.)    1060
    Virtual Name  vip2
    Virtual Addr  2620:0:c10:f501:0:1:c0a8:c70a:80
    Node Addr     2620:0:c10:f501:0:1:c0a8:c80b:80
    Pool Name     pool1-5
    Client Addr   192.168.199.1%1

429 Views | 1 like | 4 Comments

Create an iRule that can search and replace
Looking for some iRule help please. This is a search and replace rule...

Step one, in the message payload, find

    <soapenv:Header/>

and replace with

    <soapenv:Header>
    <job:roleIdentifier>SERVER1</job:roleIdentifier>
    </soapenv:Header>

or, if the message is from Server2, find

    <soapenv:Header/>

and replace with

    <soapenv:Header>
    <job:roleIdentifier>SERVER2</job:roleIdentifier>
    </soapenv:Header>

183 Views | 0 likes | 12 Comments

Sending an HTTP request from iRule without delaying client requests
Hi, I am trying to find a solution that can meet my needs: I need to extract information from every HTTP request and response arriving on my virtual server, then send the extracted info to an external service's HTTPS endpoint.

The challenge I've run into is decoupling the client connection from the external call. I wrote an iRule that uses a sideband connection with a helper virtual server for the external calls (similar to how the "HTTP Super SIDEBAND Requestor" works) but it seems like the sideband connection delays the response to the client.

Is there any way to achieve what I've described without delaying the response?

131 Views | 0 likes | 2 Comments

remove www from domain
Hello Everyone,

Could you please assist with the below query and how it can be achieved?

We have a query where the customer wants to remove the www from the request. For example, a request comes to https://www.abc.com and they want to remove www and forward to only abc.com. I would like to know if this is possible using a local traffic policy and iRules. If possible, kindly share an example iRule or local traffic policy to achieve this.

Please note: there are some policies configured with https://www.abc.com/etc and being redirected to https://www.abc.com/xyz. Will there be any impact on these redirection rules if we remove the www? If yes, then do we need to modify all these policies to abc.com and remove www from the redirection statements?

TIA.

Solved | 80 Views | 0 likes | 2 Comments

iRule not executing on HTTP requests from internal network
Hi, I have a BIG-IP VE machine running as an AWS EC2 instance, and I have encountered some behavior I can't understand.

I have a virtual server with an HTTP profile, with an iRule applied to it. When I send HTTP requests to this virtual server, the iRule runs as expected. However, when I send requests from other EC2 VMs in the same AWS VPC, I do get the expected HTTP response as the client, but the iRule does not run (I added logs to the iRule to make sure of this). Both the BIG-IP instance and the VM I'm sending the requests from are also sitting in a single subnet, with private IPs in the 172.31.x.x range.

What is causing this and how can I make the iRule always run?

83 Views | 0 likes | 3 Comments