policy
55 Topics

F5 WAF Tester
Hi, does anyone have experience using F5 WAF Tester for testing the WAF policy to see whether it is working fine or not? Source: https://clouddocs.f5.com/training/community/waf/html/waf2023/module3/lab2.html I am concerned that it would impact the whole WAF or other applications that have WAF policies deployed.
77 Views, 0 likes, 2 Comments

F5 LTM Traffic Policy - ignore action
In LTM Policy, when the action is set to "Ignore", what is the outcome? Does the traffic that matches the ignore action rule continue to the pool configured in the VS and to the security policy configured in the VS, e.g. AntiBot, DDoS profiles?
Update: Unable to publish this policy: Error: policy rule is missing an action controlling 'bot-defense'
28 Views, 0 likes, 1 Comment

URL rewrite
I'm trying to figure out how to write a policy or iRule that will modify a URL. For example, a number of URLs (url1.mycompany.com, url2.mycompany.com, url3.mycompany.com, etc.) point to a virtual server on our F5. I would like to create an iRule or policy that will modify or rewrite the URL before routing the traffic to the nodes in the pool to be (url1.ce2.mycompany.com, url2.ce2.mycompany.com, url3.ce2.mycompany.com, etc.). In other words, I need an iRule or policy that rewrites *.mycompany.com to *.ce2.mycompany.com
Solved, 190 Views, 0 likes, 5 Comments

Refresh "older" APM Policy?
Hey all, Was curious to hear anyone's opinions on at what point during the lifecycle of an APM policy (for instance, I have one that has roots in v11.5) I should consider building a fresh one? Similarly, is there any guidance on converting a policy to Modern templates? Thanks, Josh
188 Views, 0 likes, 4 Comments

ASM block page for use with API waf policy
Hey all! I've set up an ASM WAF policy for a web service that handles API calls. But the standard response on a block is a 200 OK with the block webpage, which works great if a person can see it on the screen. When it's an API call, the service just gets a <!DO (the first characters of the webpage) and a 200 OK. What I want to do is just return a 403 / 503 (or something like that) and just respond with the support ID in a header back to the source. I've got most of it figured out, except the header part... So... doesn't anyone know a good way for me to insert a support ID into a header response back to the client?
Solved, 1.8K Views, 0 likes, 17 Comments

Is it possible to use the following iRule syntax with TCL in a policy?
Hello, I've set up some code in an iRule. This code takes the URI, searches it for the first directory in the path, and converts that directory to lowercase before sending it to the server.

    set uri [HTTP::uri]
    set block [lindex [split $uri /] 1]
    if { $block ne [string tolower $block]} {
        set block2 [string tolower $block]
        HTTP::uri [string map [list $block $block2] $uri]
        #log local0. "Rewrited part of the URI : $block2"
        #log local0. "URI Send to Back-end application : https://[HTTP::host][HTTP::uri]"
    }

Is it possible to put this code in a TCL within a policy rule? I need to replace the first directory of the URI (i.e. "/APPLICATION/dir1/DIR2/index.html") with lowercase: /application/dir1/DIR2/index.html (the rest of the URI must stay intact, only the /Application/ part must be set to lowercase). Thanks in advance. Regards, Frédéric
545 Views, 1 like, 2 Comments

Secure Cookie when the VIP is requested by IP (not URL)
Hello. I have a VIP config where the pool member is the one handling the cookie to the client. The pool member has a limitation: when the client accesses the VIP via IP (not URL), the cookie is served not secured. I created this iRule, one of the side effects of which is an increase in CPU utilization.

    when HTTP_RESPONSE {
        set cookies [HTTP::cookie names]
        foreach aCookie $cookies {
            HTTP::cookie secure $aCookie enable
        }
    }

Is this the most efficient way? Is there a way to use a policy vs an iRule? Thank you, J
355 Views, 0 likes, 2 Comments

Will auto policy builder handle wildcards parameters like PAR1, PAR2, PAR3 -> PAR?
Hello, I am currently building up a policy in manual mode. Due to the size of this application, it requires a fair bit of work to add all parameters to the policy. A lot of these parameters are in the following form: PAR1 PAR2 iPAR1 iPAR2 PAR3 PAR4 ... PAR11 ... Does the automatic policy builder correctly build wildcard parameters with the numbers as a wildcard? Thanks. Regards
237 Views, 0 likes, 1 Comment

Keeping the original protocol in a policy
Hello, I am configuring a policy which will redirect to another URL, keeping the original protocol (http or https) and URI. The URI is OK: tcl:https://newURL.com[HTTP::uri] How can I do the protocol? If this is not possible, I guess I can have two rules/actions: one for http, one for https. Please comment. Thank you, Julio
251 Views, 0 likes, 1 Comment

HTTP Policy
Hello, I am attempting to write an HTTP Policy that validates several aspects (HOST HEADER & URI) of a request before forwarding on to the default pool. When I had single values the policy was working great; now that I've added multiple values I no longer get the desired outcome. When I apply the URI check it begins to RESET all traffic. The check of /status and the HOST HEADER work without issue. Thanks!

    ltm policy /QA/API_SERVICES {
        controls { forwarding }
        requires { http }
        rules {
            ALLOWED_SERVICES {
                actions {
                    0 {
                        log
                        write
                        message "DENIED ACCESS TO WEB SERVICE"
                    }
                    1 {
                        forward
                        reset
                    }
                }
                conditions {
                    0 {
                        http-uri
                        path
                        not
                        contains
                        values { /favorites/ /users/ } //ONLY PERMIT IF URI CONTAINS ONE OF THESE VALUES
                    }
                }
                ordinal 3
            }
            DROP_STATUS_PAGES {
                actions {
                    0 {
                        log
                        write
                        message "DENIED ACCESS TO STATUS PAGE"
                    }
                    1 {
                        forward
                        reset
                    }
                }
                conditions {
                    0 {
                        http-uri
                        path
                        ends-with
                        values { /status } //BLOCK ACCESS TO STATUS PAGES
                    }
                }
                ordinal 2
            }
            HOST_HEADER {
                actions {
                    0 {
                        log
                        write
                        message "INCORRECT HOST HEADER"
                    }
                    1 {
                        forward
                        reset
                    }
                }
                conditions {
                    0 {
                        http-host
                        host
                        not
                        values { service1.domain1.ca service2.domain1.ca } //DOES THE HOST HEADER CONTAIN EITHER OF THESE VALUES
                    }
                }
                ordinal 1
            }
        }
        strategy /Common/first-match
    }

233 Views, 0 likes, 1 Comment