Irule to allow specific IPs
I have a site which is abc.com Trying to achieve below requirements- 1) If uri is / it should redirect to abc.com/xyz - open for all 2) If uri is /rdp_xyz_tshoot should accessible to internal network - (here we can use the datagroup list) As this site is migrated to akamai where they have requirement to use below irule- when HTTP_REQUEST { if { [HTTP::header exists True-Client-IP] } { set trueclientip [HTTP::header True-Client-IP] HTTP::header replace X-Forwarded-For $trueclientip } } Cause for above akamai irule= Normally the True-Client-IP header includes the real IP of the clients when requests are coming from Akamai. It will be unaffected and be sent as part of the request to the pool member. So, your backend servers could look for that header and do something with its value. However, if you want the F5 to translate it to the X-Forwarded-For header, you can use an iRule to convert the Akamai True-Client-IP header to the X-Forwarded-For header. we are trying with below irule which is not working- when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/rdp_xyz_tshoot") && (not[class match [IP::client_addr] equals allowed_IPs])} { reject } if { [HTTP::uri] == "/" } { HTTP::redirect "https://[HTTP::host]/abc_login.jsp" } } Please help15Views0likes0CommentsVerifiers and CSPs SHALL NOT require users to change passwords periodically.
That subject line is a requirement in the most recent NIST publication for Digital Identity Guidelines. https://pages.nist.gov/800-63-4/sp800-63b.html A summary is here: https://yro.slashdot.org/story/24/09/27/0021240/nist-proposes-barring-some-of-the-most-nonsensical-password-rules with links to https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/ The authors take is that these are nonsensical and commonsense updates. I agree, from a users perspective, with the basics set out in the piece - but what aren't they/I thinking about?6Views0likes0CommentsSuspicious SSL TPS Spikes
Hello, I'm kind of struggling to wrap my head around some weird spikes I'm seeing on the F5 BIG-IP Dashboard. We had two of these spikes this week, hitting like x1200 more SSL TPS than our usual high average. I'm thinking it might be some kind of attack, given the fact that we also faced some DDoS recently, but honestly, I have no clue how to dig deeper into it. Or is it possible to be a bug (found this: https://cdn.f5.com/product/bugtracker/ID499348.html) ? Any ideas are highly appreciated, thank you!118Views0likes1CommentCybersecurity Awareness Month - Fun with Passwords
Head over to the password game and let me know what level you check out at! And Happy Cybersecurity Awareness Month! What security technology are you learning this month? Can't seem to embed shorts here...but here's my attempt: https://youtube.com/shorts/3dtrcAmi__E?si=6dVwa8iKI3IPH8wh620Views5likes3CommentsAsking for advice on a career in cybersecurity
Hi F5ers, I hope you are doing well. After getting F5 401 and 402 certified, and working with many security solutions during the last 13 years, I am planning to go deeper into other cybersecurity fields, like security auditing, governance and compliance, risk management... If anyone has already taken a similar move or has experience with other cybersecurity fields, please share what would be a good track for learning and certifications. Any information or advice is welcome Cheers1.2KViews3likes3Comments