policies
13 Topics

empty character in policy conditions
Hello good, I have changed iRule to policies, I have an HTTP-->HTTPS redirection rule that is formed as follows.

    # Redirect to HTTPS when the URI is empty or "/"
    when HTTP_REQUEST {
        if { ( [HTTP::uri] equals "" ) or ( [HTTP::uri] equals "/") } {
            HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
        }
    }

According to that iRule, whether the uri begins with / or ' ', it redirects me to HTTPS. But when it comes to passing it to policies, I can't find the way to indicate the empty character. Does anyone know how to indicate it? I have already tried to put ' ' and add it but it doesn't work. Greetings and thanks.
45 Views, 0 likes, 1 Comment

Security Policy not syncing between devices
Greetings, A few days ago, I had to perform a security update and observed a discrepancy in the synchronization of security policies between the two high-availability (HA) devices. To illustrate, a security policy that appeared transparent on the active device was found to be blocking when the standby device took over. The disparity extended beyond just the enforcement mode; even the rules differed, resulting in the unintended blocking of legitimate traffic. I mention that "Application Security Synchronization" is enabled for the device group. Software version is: 15.1.10.2
Solved, 716 Views, 0 likes, 3 Comments

Managing many WAF policies
Hello guys. My question is more likely to be an administrative question, and less technical. And I need some advice on this. We're managing so many WAF policies for so many websites. About 50+ policies. And each website has its own developers. So each time there are WAF suggestions on each policy we contact each developer to tell us if we should accept those suggestions or discard them. And this is a lot of work. Those developers have no access to the F5 machine and even have no clue how to manage it. I thought about creating an FTP server where I can upload those suggestions and give access to developers, and then they will update me on which suggestions to approve and which not. But I'm not sure if this is a creative solution, plus there will be a lot of work exporting and uploading suggestions. Has anyone faced the same thing and come up with a creative solution that made it easy to manage this amount of policies with that amount of developers? What do you think about this?
867 Views, 0 likes, 3 Comments

Source IP redirect, change host, uri and change to 443
I'm using BIG-IP LTM. I have a VIP on port 4001 taking external connections, this goes to a pool with a client SSL cert. I am trying to "route" to a different destination based on the source IP address. However, I need to manipulate the uri as well. I have tried this via an iRule, but looking at the forum people are saying just use the policies section of the F5. I am a network engineer by trade and I very rarely get this deep into LTM. Please can you assist? I have outputs from what I have tried below. I have run packet captures and see that the request does forward, but in plain text (iRule output), so I have tried to encrypt it before sending it to the destination, but I don't think I'm doing it right.

pool_RTS_Azure = dev.api.comany.com:443
pool_RTS_4001 is the default pool
pool_RTS is the same as pool_RTS_4001
775 Views, 0 likes, 5 Comments

ASM Policy error importing on Version 14
Hi, I have 25 asm policies in Version 13 BIG-IP. When importing them all in to a new instance of BIG-IP 14, 2 policies give the same error and do not import. The error reads:

Can't call method "new" on an undefined value at /usr/local/share/perl5/F5/ASMConfig/Entity/Suggestion.pm line 279.

Is there something in the XML file that I can adjust/remove in order to correct this? Thank you
391 Views, 0 likes, 1 Comment

LTM Traffic Policies via iControlRest
Prior to v12.1.0 I had an automation script which we run in batches of dozens to hundreds of VIP, Pool, Profile, Policy, etc creations. The script utilizes the Rest interface to create Policies and after Vip creation, it applies the policies. Much to my surprise after our network team upgraded some of our F5s to v12.1.0 last week, the Policy creation broke. I explored this in the GUI and see the problem. There is now a "draft" phase introduced before published policies. I managed to tinker with my powershell and successfully create a new "draft" policy. However, I cannot successfully get the draft policy published via the Rest interface. Does anyone know how this can be accomplished programmatically? Using the GUI is not a viable option when I am building out hundreds of Policies at a time.
534 Views, 0 likes, 5 Comments

LTM Policy with HTTP_REQUEST and HTTP_PROXY_REQUEST
Hello, I try to create ltm Policy Rule to forward traffic to different virtual IP with check http host. BIG IP version: 13.1.08 I created a first Policy with two rules: Policy name: TEST2 First Rule to match HTTP PROXY REQUEST And When attempting to create a second rule to match HTTP REQUEST , the system displays an error message that appears similar to the following example:

An error occurred: transaction failed:010716e2:3: Policy '//Drafts/', rule ''; an action precedes its conditions.

The same configuration with an irule works. Thank you for your return. Guillaume
498 Views, 0 likes, 1 Comment

iRule or Policy to do Redirection Possibly
All, I am fairly new to the f5 and I'm trying to figure out how to do redirection when using url with port number then hitting a pool it would load balance one of the servers. I've already created the nodes with port numbers 10400 and 10000. I've created a pool with those nodes and created http and https VIP. What I'm trying to do is when a user types in or or or it will load balance using those pools. When I do that I keep getting the page cannot be displayed. Going to the servers directly works: But if I go using the VIP it doesn't work:
236 Views, 0 likes, 1 Comment

LTM policy based on client source IP
Hi everyone. We are in the process of reviewing our iRules to see if there are any we can simplify or replace with configuration as we move up to newer versions of 11.x. Does anyone know if there is a way to build an LTM policy that matches on the IP address of the client? I would have thought it would be obvious but I cannot spot it anywhere. We have certain clients we apply particular redirects to - some hardcoded in iRules and others listed in data groups. Would love to be able to build a policy that matches the client IP to an IP in an iRule data group. If not, I'll just stick with my current iRule. Thanks! Mark.
967 Views, 0 likes, 5 Comments