"ACCESS::disable" - doesn't work when try to bypass Access Policy with an iRule below:
Hello, we are using APM module in F5, there is an existing iRule defined that force all the front end users to use smartcard when access the F5. So we are trying to bypass the "Access Policy" using "ACCESS::disable" for some of the resources below, however, none of them work, can you please let me know if anything wrong below? Per https://community.f5.com/discussions/technicalforum/forwarding-requests-to-apm-based-on-uri-/67707 it should work! Thanks! Very appreciate your help!
Issues Integrating Compass Mobile Tree with F5
Hi all, I'm having trouble integrating Compass Mobile Tree Employee Portal with our F5 setup. Key issues include: Session Management: Users experience frequent logouts. Authentication: SSO is not functioning properly. Performance: Slow access during peak times. SSL Offloading: Problems with secure connections. I’ve verified F5 settings and tested performance. Any advice or similar experiences? Thanks!
AutoDiscover Issue with Exchange 2016 iApp
Hello together, got one big problem: I have deployed successfully the iApp template of Exchange 2016 and the customer wants to use OWA and AutoDiscover Service. The AutoDiscover Service is not working as expected.. so the user cannot authenticate with e-mail or domain\username. My Access Policy: Logon Page (Split Domain from full Username YES) -> AD Query (Cross Domain Support DISABLED) -> AD Auth (Cross Domain Support ENABLED) -> SSO Credential Mapping (default). I used the right Domains and Access Profiles. OWA is a logon possible with E-Mail, User and domain\User. But AutoDiscover is just User and domain\User. E-Mail is NOT working. Does anyone know, how the users could finally authenticate via E-Mail? They're claiming that they're not able to use AutoDiscover Thanks in Advance! Hank
BIG-IQ 7.1.0 on AWS - MCPD issues
I have previously been running BIG-IQ v6 in AWS without issues. Last week I deployed BIG-IQ v7.1.0 however I keep having the following issue; after I reboot the instance, the mcpd service is reported as not running or keeps restarting. WebGUI does not even load, and SSH sometimes returns a slow/unresponsive tmsh session, and other times errors out and closes the session. Steps to re-create: Deploy BIG-IQ v7.1.0 from the AWS Market place Allocate Elastic IP, Start Instance and Add a Trial License Add a new device (BIG-IP running 12.1.5.2) Deploy AS3 declarations to the BIG-IP Delete the AS3 declared applications (through AS3) Shutdown the instance from tmsh Start the instance Issues Observed: The Web GUI does not load Attempts to SSH to the BIG-IQ return an error : cfg exception: (The connection to mcpd has been lost, try again.) Viewing the system log from AWS Console shows multiple entries of 'Starting Retrieve public keys for ssh(aws-init): runsvstat: warning: /service/restnoded: runsv not running. runsvstat: warning: /service/restnoded: runsv not running. I would like to know : Is this a known issue? Is there a known cause? I could not find any KB articles that relate to this. How can one recover the BIG-IQ since neither GUI nor SSH are operational?Web Server HTTP Header Internal IP Disclosure
One of my virtual servers returns the vulnerability Web Server HTTP Header Internal IP Disclosure during a Nessus scan. Security is asking me to fix this but I am not sure how. I tried creating a traffic policy that looks for the user agent browser version but it did not work. Can I remediate this using a traffic policy or an irule? Results from the Nessus scan (I replaced internal ip with x): Nessus was able to exploit the issue using the following request : GET / HTTP/1.0 Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1 Accept-Language: en Connection: Close User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Pragma: no-cache Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* This produced the following truncated output (limited to 10 lines) : ------------------------------ snip ------------------------------ Location: https://x.x.x.x Content-Length: 0 Set-Cookie: BIGipServersecuritycode_pool=!eqWzOV3gZ9FYUseX0oXX4p1/qldnSqlypGSckjlKQ4SixTXmSwQJ5JGJA+YkLWE6hOe7moh3oHoh8P8=; path=/; Httponly; Secure X-FRAME-OPTIONS: SAMEORIGIN ------------------------------ snip ------------------------------
