Possible to combine multiple DataGroupLists for IP-Check?
Hello F5 Community, I am working on an irule to check on two datagroup-lists and country, but I am not sure if this is possible like I want to implement this. It should check if the IP is in the list1 or list2 or its part of FR and US and if true it should allow the traffic otherwise it should be dropped. My questions would be is it possible to check against two datagroup lists, like i did in the my irule example. Or should avoid this? when HTTP_REQUEST { set client_ip [getfield [IP::client_addr] "%" 1] set from_country [whereis $client_ip country] if { not (([class match $client_ip equals /Common/list1]) || ([class match $client_ip equals /Common/list2]) || ($from_country eq "FR") || ($from_country eq "US"))} { drop } switch -glob -- [string tolower [HTTP::path]] { default { pool /Common/pool1 } } } Thank you.
Extract SSL extension from client hello
Hi, need support to extract SSL extension field name = DATA from client hello and than insert it into the client application packet. Please let me know how to accomplish this using irule. Sample client hello packet capture: Extension: Unknown type 1000 (len=14) Type: Unknown (1000) Length: 14 DATA: 1111123458998874222
establish a sideband connection to an HTTPS destination using the connect command
Hi, I have iRule that establish sideband connection to an HTTP destination. I need to change it to HTTPS connection with SSL. I tried this command but it not get it because the -ssl argument: when ACCESS_POLICY_AGENT_EVENT { set conn [connect -ssl [name of SSL client profile] -status conn_status 10.5.12.181:443] } somebody have an idea how should I do it?
Custom Attack Signature for Accept Header
Hi Guys, In the past, I worked on an iRule to block specific Accept header patterns, and it was working fine. Now that we have WAF in place, I was wondering if this is something I could achieve using custom signatures instead. The idea is: text/html,application/xhtml+xml,application/xml, - Block text/html,application/xhtml+xml,application/xml - Allow text/html,application/xhtml+xml,application/xml,application/rss+xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 - Allow text/html,application/xhtml+xml,application/xml,text/xml - Allow And similar scenarios with other Accept header. Is this possible to achieve with F5 WAF, and if so, could anyone provide guidance on how to configure this properly? I am currently using in the lab the following costum signature: regex: re2:"/text\/html,application\/xhtml\+xml,application\/xml,/H"; nocase; This works well to block text/html,application/xhtml+xml,application/xml, but the signature also triggers in the cases of 3 and 4, which I want to avoid. Any suggestions or guidance would be appreciated. Thnx.
Connecting a AWS Cloudfront Distribution Pool/Node to an F5 iApp
Hi there, I was wondering if I could get some advice on connecting up AWS Cloudfront Distribution Pool/Node to an F5 iApp. The iApp in question has a default pool of on premises servers but we have a requirement in that for a specific URL path then we instead forward onto a AWS Cloudfront distribution. The below is a snippet from the irule we currently have configured: when CLIENT_ACCEPTED { SSL::disable serverside } when HTTP_REQUEST { if {([HTTP::uri] starts_with "/falc/")} { SSL::enable serverside HTTP::header replace Host "d2s8lx2sdbghef.cloudfront.net" pool d2s8lx2sdbghef.cloudfront.net } } The pool and the FQDN node are showing green which means F5 can resolve the addresses. However when we attempt to go to a URL which starts with the prefix above instead of being direct to the Cloudfront distribution (and the S3 content behind) we instead get the following: Check and the distribution has redirect HTTP to HTTPS configured on the behaviour and we are attempting to replace the Host with the matching distribution. I was wondering if this has been encountered by anyone before, if anyone has attempted anything similar and if able to get it working how that was achieved. Thank you in advance of any assistance that may provide.
Need iRule to block the traffic for specific URL
Hello Can somebody help on this please? I have LTM appliance & Virtual server 'https://www100.test.com' hosted. The requirement I have is to block all the traffic destinated to one of the application 'https://www100.test.com/ce' - is this something achievable by iRule If so do you have any idea on the iRule? Would appreciate somebody can help. Have seen this - https://support.f5.com/csp/article/K74012450 but that is looking too complex to me. Thanks
