f5 client certificate forwarding
I have a website secured behind F5. It requires a client certificate, which I need to forward to the server. I don't want F5 to validate the certificate, I just need to pass it to the server. I have set the client certificate to "require" in the SSL profile, and I have added the root CA as Advertised Certificate Authorities because the client will use a self-signed certificate. In the iRule I did the below:

    # Capture the client certificate during the TLS handshake
    when CLIENTSSL_CLIENTCERT {
        if { [SSL::cert count] > 0 } {
            # X509::whole returns the full certificate in PEM format
            set client_cert [X509::whole [SSL::cert 0]]
            set session_cert $client_cert
        }
    }

    # Forward the captured certificate to the server in a header
    when HTTP_REQUEST {
        if { [info exists session_cert] } {
            HTTP::header replace "X-Client-Cert" $session_cert
        }
    }

Now when I try to access the portal, the certificate popup is displayed, and after choosing the certificate I get "the site can't provide a secure connection, ERR_SSL_PROTOCOL_ERROR". In F5 I see the client certificate is attached to the header. So what might be the issue?

SSL Orchestrator and Layer 2 Service Integration
Has anyone encountered issues with an rSeries BIG-IP tenant and the integration of a layer 2 service? In my case, I cannot make the service come up even though I have the exact VLAN name and tagging set in the bare-metal OS, and exactly the same VLAN and tagging configured in the tenant.

Adding metadata to certificates objects
Hello. In order to make renewing easier, we'd like to add custom metadata to certificate objects, such as contact information (we have a lot of customer-provided certificates). However, it seems to be impossible via tmsh, i.e.:

    # modify /sys crypto cert domain.tld metadata add { foo { value bar }}
    Syntax Error: "foo" unknown property

    # edit /sys crypto cert domain.tld
    Authorization Error: user rousse with role admin doesn't have access to "cert"

Did anyone try something similar?

F5 XC HTTP 404 route_not_found / rsp_code 404
I would like to add more points about the HTTP 404 error route_not_found / rsp_code 404 in an XC (RE + CE) deployment.

1. Even if XC has the correct host match value in the route, you might still observe a 404 response. In such cases, check the DNS configuration on the CEs. A possible reason could be that the CEs are unable to resolve DNS for the host which is configured in the route.

2. Even if XC has the correct host match value, the path might not match. For example, if you have a single route as shown below and the request comes in as https://example.com/, you may see rsp_code 404, as it is not matching any routes.

Example:

    HTTP Method: ANY
    Path Match: Prefix
    Prefix: /hello
    Headers: Host example.com
    Origin pool: example_origin_pool

https://my.f5.com/manage/s/article/K000147490

Need clarification regarding how to navigate within techdocs
Hello Team, I have a doubt while navigating within the techdocs. For example, let's take this article: https://techdocs.f5.com/kb/en-us/products/big-ip-dns/manuals/product/bigip-dns-concepts-12-0-0.html

Here we can see it's under the "/kb/en-us/products/big-ip-dns/" path, but I am not able to go into the root of it, where we should be able to find all the articles related to BIG-IP DNS. Can anyone please guide me on this? I found a few useful ones, but it's still not solving my issue:

- New and Updated Articles
- K000130285: F5 Product Manuals Index: https://my.f5.com/manage/s/article/K000130285

Thank you.

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error
Hi Mates, after upgrading rSeries F5OS to 1.5.4, I observed the below error and I am unable to SSH to my F5OS machine (version 1.5.4) from the network 10.54.7.0/24. All the other networks are working fine and we are able to SSH to the same F5OS machine. Is it that the device was unable to update this entry in iptables? Do we have to manually re-configure this rule?

    ys-host-config[11678]: priority="Err" version=1.0 msgid=0x7001000000000062 msg="Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES -s 10.54.7.0/24 -p tcp -m state --state NEW --dport 22 -j ACCEPT -w &>/dev/null" ERR="EXITINFO: 4".

Remote Access in Remote Role Group
Is there any explanation of the Remote Access function in Remote Role Groups? In this article https://techdocs.f5.com/en-us/bigip-17-0-0/big-ip-systems-user-account-administration/remote-user-account-management.html#GUID-92AF53AE-EBF4-41CA-A5D9-36313E66267D I didn't find a use case for the remote access function. Thanks

How to log HTTP/2 reset_stream
Hello, we are currently in a meeting to prepare for HTTP/2 DDoS attacks. What we would like to do is log the client's IP address (either local or remote) whenever an HTTP/2 RESET_STREAM is received. Is there any way to achieve this? Would it be possible to implement using an iRule? Thank you.

How can k8s CIS CRD VirtualServer reference existing APM Access profile?
Hey Everyone, how can a k8s Container Ingress Services (CIS) CRD VirtualServer reference an existing APM Access profile? I know that this is in AS3 ( https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/3.32/declarations/access-related.html ) but I don't see such options in the virtualserver ( https://clouddocs.f5.com/containers/latest/userguide/crd/virtualserver.html ) or policy ( https://clouddocs.f5.com/containers/latest/userguide/crd/virtualserver.html ) CRD, and I don't want to use the old way with config maps.

Edit: A not-great workaround I found is attaching an access profile by using an iRule (an APM access profile can be assigned from an iRule only), as the F5 CRD supports attaching existing configured iRules.

    apiVersion: "cis.f5.com/v1"
    kind: VirtualServer
    metadata:
      name: vs-test
      namespace: xxxx
      labels:
        f5cr: "true"
    spec:
      virtualServerAddress: "xxxx"
      virtualServerHTTPPort: xxx
      snat: auto
      # existing iRule that assigns the APM access profile
      iRules:
        - "/Common/test-irule"
      pools:
        - monitor:
            interval: 10
            recv: ""
            send: "GET /"
            timeout: 31
            type: http
          path: /
          service: XXX
          servicePort: 80