Viprion F5 sending logs to Qradar need the slot number removed
when sending the log to qradar it comes up in the format of slot/hostname <132>Aug 11 15:27:37 slot1/testf502 warning tmm[11723]: 01260026:4: No shared ciphers between SSL peers 185.181.102.18.56372:192.168.10.156.443. looking to remove the slot from the log entry before sending to qradar to allow for better sorting.
Direct Access 2012 and f5
We are testing Direct Access 2012 and are planning to use the f5 to handle load balancing between two DA servers. I haven't found much info specific to using f5, mainly this:http://www.f5.com/pdf/white-papers/...ess-tb.pdf The only real technical documentation is the old Forefront UAG back in 2009: https://devcentral.f5.com/tech-tips...bjKNinnbaM http://www.f5.com/pdf/deployment-guides/f5-uag-dg.pdf I would like verifaction that the this older documention is still relevant with DA 2012. Thanks Mykel
Uri Rewrite and relative Uri's/Links
Hello Folks, I think it's more an theoretical question, but with a practical background. I've the following secenario. Client side is requesting "https://www.domain.com/app Proxy performs a HTTP:uri rewrite from /app to "/" (content on backend system is in the root directory). That's working fine -> I'll get a Login mask and then I'll get some incomplete content back in the browser. After looking the site source code I'll find a lot of "relative links" <!DOCTYPE html> <html lang="en"><head><meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <base href="/" /> <link href="css/rich-text/bundle.min.css" rel="stylesheet"> <link href="css/rich-text/css/dx.light.css" rel="stylesheet"> <link href="css/rich-text/bundle-richedit.min.css" rel="stylesheet"> <script src="_framework/blazor.webassembly.js"></script> <script src="_content/MudBlazor/MudBlazor.min.js"></script> <script src="_content/Dsm.Blazor.Components/common.bundle.js"></script> <script src="_content/Dsm.Blazor.Components/contextmenu.bundle.js"></script> and so on. The problem is, the browser is requesting all these links without the subdirectory /app https://www.domain.com/css/rich-text instead of https://www.domain.com/app/css/rich-text A search on the WWW says that the usage of subfolders + rewrites with relative paths should not really be a problem. Or rather, this was described as a workaround. According to my understanding of relative links, these should simply be added to the existing browser URL during the request. Do I have a problem understanding relative links here or could be the <base href="/" /> the problem (because all paths are relative to / [root path] thus removing the /app path from subsequent requests)? Thanks in advance for you help. rschwarzIrule for Host block with custom ASM violation
Dears, I have following scenarios, 1. if Traffic from Internal user/IP --- >Allow connection 2. Traffic from internet 2.1) Block access only on Host name ( URL ), That is -----> https://XYZ.com 2.2) Allow access to URI's, Thats is ------- > https://XYZ.com/abc or https://XYZ.com/* I tried multiple way and find some solution but its not working. Its great if some one helps here when HTTP_REQUEST { set reqBlock 0 if {[string tolower [HTTP::host]] eq "XYZ.Google.com" && [IP::addr [IP::client_addr] equals "10.0.0.0/8"]} { log local0. "[IP::client_addr] triggered geo" set reqBlock 1 } } when ASM_REQUEST_DONE { if {$reqBlock == 1} { ASM::raise VIOLATION_URL_GEOLOCATION } }iRule for X509 Subject
I have an iRule that is working and inserts a certificate DN into a header In the header the cert DN is inserted as: x-ssl-client-dn: C=<country >, O=<Org>, OU=<OU>, CN=<User name> the application owner wants changed to the following: x-ssl-client-dn: CN=<Usern Name> , OU=<OU> , O=<Org> , C= <Country) How can this be reversed
Maintenance page - hosted on LTM or redirect with fallback host - or both?
I'm in the process of implementing an automated maintenance page that is displayed when I have a pool with no healthy members. Looking around, I see two distinct methods of doing this - utilizing the fallback host feature and redirecting to another url, or setting up a page to be hosted on the LTM and using an iRule with " [active_members [LB::server pool]] < 1" in it. Does anyone have any opinions on which one is preferred, and why? Currently, I'm using the fallback host method and I'm redirecting to a page hosted on AWS. My setup includes about 70 virtual servers on a 3600 HA cluster - some are QA, some are non-http. I will likley have the need for multiple versions of the maintenance page, depending on the site content it fronts. The one thing I do see as an advantage of the LTM hosted option is that an iRule code example shows a refresh option being used to automatically pull up the healthy site when it becomes available. Thanks!! Chris
One Connect not keeping connection open on HTTP 204 No Content
We have an application that returns a 'HTTP 204 No Content' response on 99% of all requests. These connections are being kept open and reused on the client side of the F5. The problem is the Load Balancer closes these connections on the server side right after the HTTP 204 RESPONSE is received from the server. When we send a HTTP 200 the connection is kept open and reused(normal One Connect operation). Is there an iRule that we can apply to the VIP to keep the connection open even when the Server returns a 'HTTP 204 No Content'? Thanks
