error code 503 redirect irule
Hello, I want to create a logical path in F5 where if one server pool is down, we get an error code 503, then a redirect happens to a second pool. This is what I have written, but does not seem to redirect when the second pool is offline. Is the i-rule OK but need to set priority activation on the pools or is there something flawed with the irule? here is it below; when HTTP_RESPONSE { # Check if the response status code from the server is 503 if {[HTTP::status] == 503} { # Log the action (optional, for troubleshooting) log local0. "Received 503 from backend. Reselecting to fallback_pool." # Attempt to select an alternate pool pool ta55-web-lb-dev-f5-ssl-pool2 } else { pool ta55-web-lb-dev-f5-ssl-pool } }Restful API call takes too long
Hi everyone: I encountered the problem of the API call taking too long when using the RESTful API. The entire call process took more than forty seconds. As shown in the figure below: All the APIs have this problem. API call runs successfully but the TTFB part exceeds 40s. However, after I tried adding the default route, the problem disappeared. I tried testing in another environment and found that regardless of whether the default route was configured, the API calls worked fine. But I don't know what configurations in the original environment might have caused this problem. Does F5 have any configurations that cause internet access when calling a RESTful API? Is there anyone who can help me explain this problem? Best regards ecolauceF5OS login with admin/root failed via console
Right now we have a new rSeries installed, which is currently only accessible via console cable. First login with default password was fine and changing password was also successful. Then I prepared the device with our default configuration including TACACS authentication. Also appliance-mode is enabled. All configurations were commited successfully. Now when I try to login in again, it failed with "login incorrect" error, but the password is definitely correct. What's the reason for this and how can I get access again? Or do I need to wait until the management port is up and TACACS server is reachable? Or how can I fully reset the device again? Power cycle and then interrupting the boot process? Is there a documentation available, how to perform this? Thank you! Regards, StefanHow can I get started with iCall
Hi all . Recently, I want to learn how to use iCall to do some automated operations work, but I haven't seen any comprehensive tutorials about iCall on askf5. Are there any good articles I can refer to for learning? Do I need to systematically learn Tcl first? I still have a question about iCall. What is the difference between using iCall and using shell scripts with scheduled tasks to achieve automated management and configuration of F5? Best RegardsHigh availability Blade
Hello everyone, I would like to know if is possible to configuire high availability on two Blade BX110. At the moment I have only one blade where there are all Tenants and, the capacity of using it, is 85% . The customer want to buy another Blade but, it wants that for every Velos, te two blades build a unique partition. Is it possible to do it by considering that in one blade there are all Tenants in a production environment ? Which type of impact there will be ? To sum up could i configure both blade in high availability with no run the risk to block the services of the Tenants ? I have read that is possible to make a setup of the blades but is not mentioned that this activity could provide, if on the one are presents Tenants, to reset the configuration. Many thanks in advanced for your help. Awaiting your news,ACME DNS RFC-2136 Let's Encrypt certs
I've been pushing on certbot to handle CNAME entries when ordering certs, and finally given up. https://github.com/certbot/certbot/issues/6787 https://github.com/certbot/certbot/pull/9970 https://github.com/certbot/certbot/pull/7244 This repo contains scripts that: Create an ACME account with Let's Encrypt use TSIG credentials to talk to bind (RFC-2136) create TXT record in correct zone by following CNAME and SOA entries if present downloads certs installs certs on one or more F5s. The F5 credentials requires Administrator rights as Certificate Manager can't upload files. https://github.com/timriker/certmgr CNAME records are recommended to a zone with minimal or no replication and a low TTL. ie: _acme-challenge.example.com CNAME example.com._tls.example.com _acme-challenge.example.net CNAME example.net._tls.example.com _tls.example.com would have one name server and 30 second TTL or so a TSIG key would be created that only needs update access to _tls.example.com Comments welcome. JRahm I'm looking at you. 😎 More info: https://letsencrypt.org/docs/challenge-types/
Illegal Request in Learning Suggestion for 200 OK response
Dears, I want to know the reason why this suggestion is showing an illegal request status even though response code is 200 OK. Is it because multiple violations triggered? The policy is in transparent mode and I am just verifying the suggestions. Can someone please provide an expert advise?
/mgmt/toc - not possible to launch rest api rest browser
Hi, could you help please on how to kick off the api rest browser? attaching below the internals Thank in advance after providing my admin credentials, the follwoing response is returned { "code": 400, "message": "URI path /mgmt/logmein.html not registered. Please verify URI is supported and wait for /available suffix to be responsive.", "referer": "https://1.2.3.4/mgmt/toc", "restOperationId": 13525870, "kind": ":resterrorresponse" } Platform ID Z101 Platform Name BIG-IP Tenant Software Version BIG-IP v17.1.3 (Build 0.20.11) Bundle, r5600
