ASM Sizing calculation
Dears, I have BIG IP r2600 and enabled LTM module, i need to activate ASM and publish applications, how can i calculate sizing for r 2600 ASM. 80 Applications 250000 request per second for each one. How can i calaculate throuput and said r2600 is enough or need to migrate to new HW?2Views0likes0CommentsCookie not RFC-compliant - Cookie has no value
After upgrading the ASM to v16.1.5, applications are impacted due to this violation. Cookie: TS01e67e1b=01117c6e19857f90c59bf98aa78f99ae127e515a9e8b98b63394cb861749b60553d9deb146068ba33d4adc4809067c58864ec7a0a7; da9ec29c6b39e2b88e843f34fcc5c888=65d704e40287c7e10857d068a5c7e0e8; BIGipaaaaaaaaaaaaaaaa=!jg6d/hMU2jsserYjJogO6C4bpgnUbuxrViNJR0aXqUXe2HKAGIthD59Q0H/dwcVIrnAaJXJD1jpaAjDfbRxWeL0nv70gg6ZTvqjk6JeY; {}; bf73147a74759c67a3aeb25b4366db4b=c2f86fb44daf387390821d422f1e2128; c65f6ef4e400d09c0f0b01031bd4f543=922ff603468528d429baa6c55326993a; ce78ef2593547bf35a602fa87764cf66=ffc07f7c986d4b47f21881f4ced17bd8; f319c5d88cce600c230f6325ebd679da=ef9b4bae1258ba2df4dc3d462eb57fc6; bab5c74a20de5947515f788a66a1113d=1c975f92651ecbae9ce488302974ac6f; 5562f6b47d905c6971bd6205cd7a280f=4ebf40f732bea8170ece709b0bb26785; 580bbc8d2e73ba78a72fdc8852e084da=e1f990dbd9d7fdffff7a564ff5494f71; ecaab19faae5d2a3c391e04f443c7f00=390917dffad9a30a8b8ba039585e3870; 56269766768c8b4d9fa0a096871ef860=fa83211121101296d6c4963469ee910e; b08cac70fbebd894cc114a36d402393a=bacbc7745aebb8a56fb8479ebb6da69c; 1e9248c1ef07a284d0fdc6eac6fbb320=c9ef1cf6eaecda4b0268cbc818508627; 1ae1841113f8ed1046fed24bdbb209e7=56e403f6ee2b16da5526d29f89702617; JSESSIONID=7196FF8AF38E24CA3E94B359AEBD13EF; cfidsgbg-w-aabtestenv=J3cUWHklvHmPLynEsAFGqLPEmsHcFd2fQaLHlg0xhvu6qdNkrLUHHBCYcF4GlnVN3HA8HR9DSW1tdwEiEbTiqTvj0fFTsviMYVlhZbVvZ0qyEAN9AxKXFFdu5yyLPf2B5GYXjdptAaucmRnm09qYc6L85cj2oe031OBds+M=; TS01707b3f=017da02c37d17c78956026fa4cbd0ee1bbe7f19180822950b07f41cebabc61439b0c463077c6c4e56e4f3ed8f997ce4bf9c5a1b3c0 While we understand it's a known issue, the behavior in our case seems to be different. After upgrading to 17.1.1, 16.1.5, 15.1.10 , ASM blocking request with violation Cookie is not RFC compliant (cookie has no value) (f5.com) Would like to understand if this violation is triggered due to an empty segment on the cookie or for a different reason and how can this be fixed.12Views0likes0CommentsDoS profile documentation
Hello everyone, I'm in search of documentation for developing F5 DoS profiles. It seems to be lacking and difficult to find any well-prepared documentation. Do any of you have documentation related to F5 DoS protection? One of my clients needs to configure the DoS profile, but we have minimal information on how to fine-tune the profile. Thanks, Gayan.36Views0likes2CommentsF5 ASM
Hey I'm trying to get to know the ASM feature in Big-IP. I want to be able to block request based on specific ips or headers (+values) and more. I also want to configure it using an API, I saw there is something called iControl. Is there any docs that contain all the paths in iControl so I could search everything I need? It would also help me get more familiar with the feature53Views0likes2CommentsNeed to change HTML tag in HTTP response
Dear Team, If anybody need to change HTML tag or something similar to below in HTTP Response, you can refer it. For example, I would like to change "name" with "XYZ" in HTTP response, you can use below iRule ===================== when HTTP_REQUEST { #To avoid HTTP/1.0 to chunked encoding and to prevent compression remove Accept-Encoding HTTP::version 1.0 HTTP::header remove Accept-Encoding } when HTTP_RESPONSE { #Before collecting HTTP response, check whether content type is HTML or not if {[HTTP::header Content-Type] contains "text/html"} { # Collect up to 1MB of the response body HTTP::collect [expr 1024*1024] } } when HTTP_RESPONSE_DATA { #Ensure it is HTML Content if {[HTTP::header Content-Type] contains "text/html"} { # First replacement: replace "name=" with "XYZ=" set find "name=" set replace "XYZ=" set new_response [HTTP::payload] #Replace payload if {[regsub -all $find $new_response $replace new_response] > 0} { HTTP::payload replace 0 [HTTP::payload length] $new_response } } } =========================24Views0likes1CommentVerifiers and CSPs SHALL NOT require users to change passwords periodically.
That subject line is a requirement in the most recent NIST publication for Digital Identity Guidelines. https://pages.nist.gov/800-63-4/sp800-63b.html A summary is here: https://yro.slashdot.org/story/24/09/27/0021240/nist-proposes-barring-some-of-the-most-nonsensical-password-rules with links to https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/ The authors take is that these are nonsensical and commonsense updates. I agree, from a users perspective, with the basics set out in the piece - but what aren't they/I thinking about?4Views0likes0CommentsKeep encoding when request is handled by irule
I have custom irule to check data in payload. I noticed issue when non-latin characters are detected, for example Japan characters. In this case seems that byte array is not read correctly (2 bytes vs 4 bytes) what just corrupt/change payload. I am almost sure that I hit follow: https://my.f5.com/manage/s/article/K22406348. There is mentioned option to use binary scan but does not work for me. In generally I do not add anything to payload or modify it. I just compare some properties and block request if it match condition. How I can keep origin payload as it is?28Views0likes2Comments