iRulesLX
106 Topics

Delay Remote Desktop Response to Client
Hello,

We're currently using F5 APM to provide VDI/RDP secure access via a Remote Desktop resource assigned to the Webtop. When a user clicks the icon, an .rdp file is downloaded, which they then open in Microsoft Remote Desktop, Remmina, or a similar client.

I was recently asked if it would be possible to keep the target VMs powered off by default, and have BIG-IP power them on before they are accessed. This is accomplished via REST API calls to the VDI solution. I've successfully implemented this logic using iRules LX. However, the issue is that the .rdp file is delivered to the user before the iRule has completed execution. As a result, the user could attempt to connect while the VM is still in the process of powering on.

Is there a way to delay sending the .rdp file to the client until after the iRule has finished running? Has anyone implemented a similar approach before?

Thanks in advance.

30 Views, 0 likes, 1 Comment

iRule to show banner while application maintenance
Dear Experts,

Hope you are good. I am looking for an irule to display a banner while accessing the website by the user. Something like "website is under maintenance". I hope someone already used this before. Could you please share that irule.

Thanks
Adeel

95 Views, 0 likes, 2 Comments

HTTP Response from ILXPlugin
Hi DevCentral community!

I am currently trying to develop an iRule ILXPlugin, which checks a client HTTP request for certain properties. If some conditions don't match I would like to send an HTTP response error message from the ILXPlugin to the client (without further forwarding to the backend). If everything is valid I want to forward it to the respective backend pool member.

Unfortunately, the ILXTransaction does not provide any real examples (other than the description) on how to use the methods respond and replaceBody to achieve this use case. You can find my current code below, whereas I am trying to send a response with a custom html body and HTTP status code 404:

    'use strict';

    var f5 = require('f5-nodejs');
    var plugin = new f5.ILXPlugin();

    var options = new f5.ILXPluginOptions();
    options.handleServerData = false;
    options.handleServerResponse = false;
    options.handleClientData = false;
    options.handleClientOpen = true;

    plugin.on('initialized', function () {
        console.log('INITIALIZED');
    });

    plugin.on('connect', function(flow) {
        var tmmID = flow.tmmId();
        var clientSourceAddress = flow.client.remoteAddress;

        flow.client.on('requestComplete', function(request) {
            var destinationHost = request.params.headers.host;
            var requestMethod = request.params.method;

            // Example
            if(requestMethod === 'POST') {
                request.replaceBody();
                request.respond();
                // Send response with body: 'ERROR RESPONSE!' and Status Code '404'
                flow.client.end();
            }

            var options = new f5.ILXLbOptions();
            options.pool = '/Common/api_pool';
            flow.lbSelect(options);
            flow.client.allow();
            request.complete();
        });

        flow.client.on('error', function(errorText) {
            console.error('client error event: ' + errorText);
        });

        flow.server.on('error', function(errorText) {
            console.error('server error event: ' + errorText);
        });

        flow.on('error', function(errorText) {
            console.error('flow error event: ' + errorText);
        });
    });

    plugin.start(options);

I would appreciate any suggestions.

Thank you in advance.

437 Views, 0 likes, 4 Comments

irule for URI based redirection and to the pool..
Hi,

I'm looking for a short irule that helps in two ways.

- URI redirection
- Host based pool selection

I currently have two irules, I'm looking for one combined irule that serves the purpose.

Host to pool selection:

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::host]] {
            "eng.page3.com" { pool page3_https_pool }
            "eng.devpage3.pega.com" { pool devpage3_https_pool }
            default { HTTP::respond 404 noserver }
        }
    }

URI based redirection:

    when HTTP_REQUEST {
        if {[HTTP::uri] starts_with "/ClientService/BI-Integration/"} {
            switch -glob [string tolower [HTTP::host]] {
                "eng.page3.com" { HTTP::redirect "/clientapp[HTTP::uri]" }
            }
        }
    }

Can someone help me with an irule that gives me the combined features of both. I don't like to use two separate irules on the same VIP, so checking if there is any better option.

307 Views, 0 likes, 1 Comment

HTTP::respond and header request modifications
Hey everyone.

Trying to federate AWS S3 and an on premises S3 compliant storage box with iRules/iRulesLX. The calling client connecting to the BigIP will by default have the access key and secret key of the on premises S3 storage, but using the javascript aws-sdk with iRulesLX and determining that the object is in AWS S3 (HEAD request) I generate a new signature for AWS S3 and respond to iRules with that information. I use the signature with an HTTP::respond as such:

    HTTP::respond 302 noserver Location "$host" Authorization "$authorization" X-Amz-Date "$xamzdate" X-Amz-Content-Sha256 "$xamzcontentsha256"

Problem I am seeing is that it does not appear that the HTTP::respond action with the headers is actually modifying the headers (Authorization, X-Amz-Date etc.) request during the 302. I get back a HTTP 403 with InvalidAccessKeyId: The Access Key ID you provided does not exist in our records. Looking at the client response, I see the raw request still has the Authentication string for the on premises S3 storage.

Am I going about this wrong? Still new to iRules and the F5. Thanks for the help!

728 Views, 0 likes, 6 Comments

Strip HTTP Origin header based on its value before hit the ASM
Hi Everyone

Our app using CORS, and it's working normally with correct origin headers:

    Origin: "://" [ ":" ]

But also all mobile clients sending Origin header with value 'file://', this causes (Illegal cross-origin request):

    POST /xxx/yyy HTTP/1.1
    Host: ddd:8001
    Connection: keep-alive
    Content-Length: 2
    Accept: application/json, text/plain, */*
    Origin: file://

I want to add iRule to strip this header

    Origin: file://

before hit the ASM and allow normal Origin headers like:

    Origin: https://xyz.com:8080
    Origin: https://xyz.com:8090

416 Views, 0 likes, 1 Comment

iRulesLX: Invalid command name
I want to write an ILX solution that generates OTPs. This ILX is then called within an APM session profile and the OTP value is used throughout the authentication process.

I have an irule agent in the access policy that calls an irule, which then calls ILX. ILX generates the OTP and, for now, replies back to TCL, which simply outputs it in the LTM log file. Later, this will change and the script will set a session variable.

However, the ILX::call throws an error:

    Rule /Common/otpgen_pl/otpgen <ACCESS_POLICY_AGENT_EVENT>: ILX failure: invalid command name "abc123"

This is the TCL:

    when ACCESS_POLICY_AGENT_EVENT {
        set handle [ILX::init "otpgen_pl" "otpgen_ext"]
        if {[catch [ILX::call $handle "otpgen"] result]} {
            log local0.error "ILX failure: $result"
            return
        }
        log local0.error "OTP generated successfully: $result"
    }

This is the node.js:

    var f5 = require('f5-nodejs');
    var ilx = new f5.ILXServer();

    ilx.addMethod('otpgen', function (req, res) {
        res.reply('abc123');
    });

    ilx.listen();

I don't get the error message, how is the return string an "invalid command"?

Solved

835 Views, 0 likes, 2 Comments

URL Rewrite - Closes TLS session
I need to rewrite the client request to a form that the server needs.

Example:

    apps.svr1.oscplatform.site/rewrite/example-app-name/blah

to this:

    example-app-name.apps.svr1.oscplatform.site/blah

I have a rule working using HTTP_REQUEST event.

PROBLEM: The TLS session to the client is invalidated when I change the host. So every single call has to do TLS handshake again. Is there a way to prevent host header change killing the TLS session?

    when HTTP_REQUEST {
        #log local0. "host: [HTTP::host], uri: [HTTP::uri]"
        switch -glob [string tolower [HTTP::host]] {
            "apps.svr1.oscplatform.site" -
            "apps.svr2.oscplatform.site" -
            "apps.svr3.oscplatform.site" {
                # Example rewrite URL:
                #   apps.svr1.oscplatform.site/rewrite/example-app-name/blah
                # Result after rule:
                #   example-app-name.apps.svr1.oscplatform.site/blah

                # Removed the /rewrite/
                set svc_uri [substr [HTTP::uri] 9]
                #log local0. "svc_uri: $svc_uri"

                # Splits the remaining URI into service name and original URI.
                # systemdates-mwa/blah becomes systemdates-mwa and /blah
                set part_count [scan $svc_uri {%[^?/#]%s} svc uri]

                # If there was no original URI update it to blank.
                if { $part_count == 1 } {
                    set uri ""
                }
                #log local0. "host: $svc.[HTTP::host] uri: '$uri'"

                # Set the new host value.
                HTTP::host "$svc.[HTTP::host]"

                # Update URI to the correct value.
                HTTP::uri "$uri"
            }
        }

        # Set the value used in the SNI extension record.
        # This is used in the SSL handshake to the destination server.
        # This is how we implement SSL Bridging with a possible URL rewrite in the middle.
        set sni_value [HTTP::host]
    }

    when SERVERSSL_CLIENTHELLO_SEND {
        #log local0. "sni_value: $sni_value"

        # SNI extension record as defined in RFC 3546/3.1
        #
        # - TLS Extension Type      = int16( 0 = SNI )
        # - TLS Extension Length    = int16( $sni_length + 5 byte )
        # - SNI Record Length       = int16( $sni_length + 3 byte)
        # - SNI Record Type         = int8( 0 = HOST )
        # - SNI Record Value Length = int16( $sni_length )
        # - SNI Record Value        = str( $sni_value )
        #
        # Calculate the length of the SNI value, Compute the SNI Record / TLS extension fields and add the result to the SERVERSSL_CLIENTHELLO
        SSL::extensions insert [binary format SSScSa* 0 [expr { [set sni_length [string length $sni_value]] + 5 }] [expr { $sni_length + 3 }] 0 $sni_length $sni_value]
    }

427 Views, 0 likes, 1 Comment

else not working
    when HTTP_REQUEST {
        if { [string tolower [HTTP::uri]] equals "Microsoft-Server-ActiveSync" || [string tolower [HTTP::uri]] equals "EWS" } {
            # sent to default pool
            pool WB_getmail.warnerbros.com_HTTPS
        } else {
            # redirect to outlook.office.com
            HTTP::redirect https://outlook.office.com/owa/warnerbros.com
        }
    }

192 Views, 0 likes, 2 Comments

iRule error after upgrade version (Operation not supported. Multiple redirect/respond invocations not allowed)
Hi, good afternoon.

After upgrading a BIG IP OS from 10.2.4 to 11.5.1 HF10, I started to see a lot of errors in LTM log. I have many iRules in my system and many of those iRules are giving me "Operation not supported. Multiple redirect/respond invocations not allowed" errors.

I have here a simple iRule like

    when HTTP_REQUEST {
        if { [string tolower [HTTP::path]] equals "/something.txt" } {
            HTTP::respond 200 content "User-agent: * \nDisallow: /somretyhing.pe \nAllow: /"
            return
        }
    }

And this irule is giving the error I said. And many others are like these and are giving the operation not supported error.

Please help, has someone seen that before?

Thanks.

500 Views, 0 likes, 12 Comments