APM Domain/Username for RADUIS Auth
Hello community, could you help me with the following?. I've a simple per session AD Authentication policy -> working fine 2nd. I've a per-request-policy for specific paths which are secured with a 2FA Radius auth -> working also fine For user simplicity I would take over the username (domain\username) from per session AD Logon Page to per-request Logon Page. This only works in part :-/ At the moment I can pre-fill the username via session variable "session.logon.last.logonname" in the Logon Page. Username in Logon Page set to "Ready Only" After generating an OTP the APM log is showing the following error: "RADIUS Agent: Failed to read Username Source session variable:" Obviously, the variable is empty, despite pre-filling. I experimented a little with Variable Assign (implemented after Logon Page) but nothing changed. -> "RADIUS Agent: Failed to read Username Source session variable:" session.logon.last.username = expr { "[mcget {session.logon.last.domain}]\\[mcget {session.logon.last.username}]" } or session.logon.last.logonname = expr { "[mcget {session.logon.last.domain}]\\[mcget {session.logon.last.username}]" } Everything is working fine with a manual input of the domain\username in the Logo Page. Does someone have an idea to solve the issue/problem? Thanks a lot.F5 WAF Tester
Hi, anyone has experience on using F5 WAF Tester for testing the WAF policy to see whether it is working fine or not? Source: https://clouddocs.f5.com/training/community/waf/html/waf2023/module3/lab2.html I am concerning that it would impact the whole WAF or other applications that have WAF policies deployed.F5 LTM Traffic Policy - ignore action
In LTM Policy, when action set to "Ignore" - what is the outcome? Is the traffic that matches the ignore action rule, continues to the pool configured in VS and to the security Policy configured in VS. e.g AntiBot, DDOS profiles Update: Unable to publish this policy: Error: policy rule is missing an action controlling 'bot-defense'
Refresh "older" APM Policy?
Hey all, Was curious to hear anyone's opinions on at what point during the lifecycle of an APM policy (for instance, i have one that has roots in v11.5) should I consider building a fresh one? Similarly, is there any guidance on converting a policy to Modern templates? Thanks, Josh
Is it possible to use the following Irule syntac with TCL in a policy ?
Hello, I've setup some code in an Irule . This concerns a code that will take the URI, within this uri, search for first directory in the path and put it tolower before sending it to the server. set uri [HTTP::uri] set block [lindex [split $uri /] 1] if { $block ne [string tolower $block]} { set block2 [string tolower $block] HTTP::uri [string map [list $block $block2] $uri] #log local0. "Rewrited part of the URI : $block2" #log local0. "URI Send to Back-end application : https://[HTTP::host][HTTP::uri]" } Is it possible to put this code in a TCL within a policy rule ? I need to replace the first directory of the URI (ie: "/APPLICATION/dir1/DIR2/index.html") to lowercase /application/dir1/DIR2/index.html ( the rest of the URI must stay intact, only /Application/ part must be set to lowercase. Thanks in advance. Regards FrédéricSecure Cookie when the VIP is requested by IP (not URL)
Hello. I have a VIP config where the pool member is the one handling the cookie to the client. The pool member has a limitation when the client access the VIP via IP (not URL), the cookie is served not secured. I created this iRule which one of the side effects is an increased in the CPU utilization. when HTTP_RESPONSE { set cookies [HTTP::cookie names] foreach aCookie $cookies { HTTP::cookie secure $aCookie enable } } Is this the most efficient way? Is there a way to use a policy vs an irule? Thank you J
Will auto policy builder handle wildcards parameters like PAR1, PAR2, PAR3 -> PAR?
Hello, I am currently building up a policy in manual mode. Due to the size of this application, it requires a fair bit of work to add all parameters to the policy. A lot of these parameters are in the following form; PAR1 PAR2 iPAR1 iPAR2 PAR3 PAR4 ... PAR11 ... Does the automatic policy builder correctly build wildcard parameters with the numbers as a wildcard? Thanks. RegardsKeeping the original protocol in a policy
Hello, I am configuring a policy which will redirect to another URL keeping the original protocol (http or https) and URI. The URI is OK tcl:https://newURL.com[HTTP::uri] How I can do the protocol? If this is not possible, I guess I can have two rules/actions: one for http, one for https. Please comment Thank you Julio
