HTTP Health Monitor in Receive Strings with Regular Expressions
Hello Community, I need to monitor http servers with regular expressions in the http receive strings. If receive string exact match with "Healthy" word then F5 send the requests to the servers. list ltm monitor http Healthy { adaptive disabled defaults-from http destination 10.0.1.20:http interval 5 ip-dscp 0 recv \bHealthy\b recv-disable none send "GET / HTTP/1.1\r\nHost: 10.0.1.20\r\nConnection: Close\r\n\r\n" time-until-up 0 timeout 16 } Server up and running and regex is fine but pool members are down. I need some help in this topic. Thank You / Best Regards
ASM - regex in Parameter Name
Hi, I'm looking for a possibility to implement a dynamic parameter, that contains a string that may vary as parameter name itself. It's something like this: <soap:Envelope xmlns...> <abcd:Envelope xmlns...> <fghjkl:Envelope xmlns...> I thought of creating a Wildcard Parameter like this: <[a-zA-Z0-9]{2,15}:Envelope* so it matches an alphanumeric, 2-15 chars long string. Unfortunately it seems that you can't use any quantifiers in the parameter name (at least according to this thread from 11 years ago: https://devcentral.f5.com/s/question/0D51T00006i7VCi/regex-in-parameter-name ) Does anyone know if there is any solution to this problem by now? Or if there is a possibility to do this in a syntax that is supported? (the 2-15 is not mandatory, could be more or less chars too) Otherwise I'm afraid that I really have to follow the suggestion from this thread and add 14 different parameters, one for each length :( Thanks in advance!
Custom attack signature syntax for multiple user agents
Hi, I want to create a custom attack signature that will block requests that contains specific user agents. I've already created a signature that blocks Python user agent, but I'm not sure how to add multiple ones to the same signature. Under "Rule" section, I use the Simple Edit Mode and I have set: Matched Element: Header Matched Criteria: Matches regular expression Keyword: User-Agent:.*[Pp]ython.* How do I add more user agents? Thanks
is it possible to use regex within switch block?
Hello! Is it possible to use regular expressions within switch block? My scenario: a.domain.com a.domain.net So different TLDs. Now I want to write iRule that will handle both 'com' and 'net', but I can't figure this out and instead I have to use following syntax: when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { "a.domain.com" { pool some_pool_a } "a.domain.net" { pool some_pool_a } "b.domain.com" { pool some_pool_b } "b.domain.net" { pool some_pool_b } } } I would like to rewrite this iRule to something like this: when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { "a.domain.[com|net]" { pool some_pool_a } "b.domain.[com|net]" { pool some_pool_b } } } but it seems to be not working. Do you guys have any good idea how to fix it? BTW - I'm using v11.6 of BIG IP software.
Better option for multiple delimiters
I'm thinking there has to be a smarter way to accomplish what I'm doing here. I need to break out each value in the SSL Subject_dn, maybe a regex or ?? this is getting me what I need, but pretty sure there is a better way to accomplish this... any ideas appreciated. if {[SSL::cert count ] > 0}{ set subject_dn [X509::subject [SSL::cert 0]] log local0. "this is the SSL Subject $subject_dn" set cn [getfield $subject_dn "," 1 ] set ou [getfield $subject_dn "," 2 ] set o [getfield $subject_dn "," 3 ] log local0. "CN=$cn, OU=$ou, O=$o" set cn2 [ getfield $cn "=" 2 ] set ou2 [ getfield $ou "=" 2 ] set o2 [ getfield $o "=" 2 ] log local0. "$cn2 $ou2 $o2"Detect regexp pattern in tcp payload
I was hoping someone could help me out on the proper syntax and approach to using either matches_regex or regexp to match a string pattern in a tcp payload. Basically I am trying to detect if within a payload there is a string comprised of 8-16 characters that can be either upper lower case or numeric, no spaces or returns. I have tried the following but have had no success: when CLIENT_ACCEPTED { TCP::collect } when CLIENT_DATA { set payload [TCP::payload] if { [regexp {[a-zA-Z0-9] {8,16}} $payload] } { log local0. "Got a match!" } } My regex isn't strong so I don't know if that's where I'm messing up or if my syntax/approach to this iRule is wrong. I haven't found the matches_regex or regexp documentation to be all too helpful so hoping the dev community can help out!
Regex for variable monitor recv string
DevCentral, I have a regex ask. I am trying to set up an http monitor that get this in the response "totalRows="3311"" I need to set up the recv string to accept any number from 1 to 9999 in the quotes. Have tried: totalRows=”[1-9][0-9]*” totalRows=/”[1-9][0-9]*/” and taken some other more desperate stabs in the dark I am too embarrassed to post. :) Let me know if you have any ideas! As always, Thanks in advance!!! David Pasch F5-CTS