this
3 TopicsiControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri
I am working on automating SSL creation workflows with the python f5-sdk / iControl. I had the following set of code that was working last week, and as far as I know nothing changed since I'm the only one working on the big-ip. I've scoured the logs and support.f5.com but I can't find any further information about the error presented. I am using the f5-sdk with the following code: ##This section of code works mr.shared.file_transfer.uploads.upload_stringio(io.StringIO(request_obj['pkey']), '{0}.key'.format(domain)) mr.shared.file_transfer.uploads.upload_stringio(io.StringIO(request_obj['cert']), '{0}.crt'.format(domain)) I can then login to the Big-IP and `run /util bash` >cd /var/config/rest/downloads >ls domain.example.com.crt domain.example.com.key tmp However when I get to creating the certificate: mr.tm.sys.file.ssl_certs.ssl_cert.create(name = "domain.example.com.crt", sourcePath="file:/var/config/rest/downloads/domain.example.com.crt") This line in particular - I am presented with the attached StackTrace. --------------------------------------------------------------------------- iControlUnexpectedHTTPErrorTraceback (most recent call last) <ipython-input-39-a8ff9ebc3cca> in <module> ----> 1 mr.tm.sys.file.ssl_certs.ssl_cert.create(name = "domain.example.com.crt", sourcePath="/var/config/rest/downloads/domain.example.com.crt") ~/pyenvs/py37/lib/python3.7/site-packages/f5/bigip/resource.py in create(self, **kwargs) 1051and state on the BIG-IP®. 1052""" -> 1053return self._create(**kwargs) 1054 1055def _check_load_parameters(self, **kwargs): ~/pyenvs/py37/lib/python3.7/site-packages/f5/bigip/resource.py in _create(self, **kwargs) 1013 1014# Invoke the REST operation on the device. -> 1015response = session.post(_create_uri, json=kwargs, **requests_params) 1016 1017# Make new instance of self ~/pyenvs/py37/lib/python3.7/site-packages/icontrol/session.py in wrapper(self, RIC_base_uri, **kwargs) 293response.url, 294response.text) --> 295raise iControlUnexpectedHTTPError(error_message, response=response) 296return response 297return wrapper iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://10.71.46.65:443/mgmt/tm/sys/file/ssl-cert/ Text: '{"code":400,"message":"Failed! exit_code (3).\\n","errorStack":[],"apiError":26214401}' ------------------------------------ All of this code worked last week without issue. Any idea how to begin troubleshooting this error?899Views0likes4CommentsiRule Limit the number of HTTP requests by a client within a specified time
This iRule block all the traffic from the clientes with the ip addresses listed inside the iRule, doesnt work like the logic code, can you help me to understand which is the issue with theiRule? when RULE_INIT { #This defines how long is the sliding window to count the requests. This example allows 10 requests in 1 seconds* set static::windowSecs 1 #IP Client address maximun request for each oneand the vlan id %819 for the partition set class::conn_limit_dg{ host 52.205.169.24%819 {"4"} host 52.205.60.156%819 {"4"} host 52.205.89.86%819 {"4"} host 71.201.163.113%819 {"4"} host 34.197.3.255%9819 {"26"} } } when CLIENT_ACCEPTED { #Max connections per client IP set limit [class match -value [IP::client_addr] equals conn_limit_dg] log local0. "[IP::client_addr]: \$limit: $limit" } when HTTP_REQUEST { #Check if client IP is in the connection limit data group and the request is a GET if { $limit ne "" and [HTTP::method] eq "GET"} { set getCount [table key -count -subtable [IP::client_addr]] log local0. "[IP::client_addr]: getCount=$getCount" if { $getCount < $limit} { incr getCount 1 table set -subtable [IP::client_addr] $getCount "" indefinite $static::windowSecs } else {log local0. "[IP::client_addr]: exceeded the number of requests allowed. $getCount / $limit" #HTTP header with connection limit exceed the count request HTTP::respond 429 content "Too Many Requests" } } }786Views0likes4CommentsInserting Iframe in Header for one of URL
Dear Community, We have a VIP on which 15 URLs are terminated, now the request is to allow iFrame headers in one of URL. Please suggest how we can add on one URL. Need to apply iFrame iRuel for header insertion on URL: utilesourcedev.test.com Existing iRULE: when CLIENT_ACCEPTED { #If http is detected, disable the Clientside Profile #This is needed because the SSL Profile is configured as enabled by default on the VIP if { [TCP::local_port] == 80 }{ SSL::disable clientside } #If https is detected, enable the Clientside Profile (Enabled by Default) if { [TCP::local_port] == 443 }{ SSL::enable clientside } } when SERVER_CONNECTED { if { [TCP::server_port] == 80 }{ SSL::disable serverside } } when HTTP_REQUEST { if {([TCP::local_port] == 80) and ([string tolower [HTTP::host]] != "utilities.test.com") and (not ([string tolower [HTTP::uri]] contains "portal/webserv/dominion/msaqd.cfm")) and (not ([string tolower [HTTP::uri]] contains "portal/webserv/dominion/proddata.cfm")) and (not ([string tolower [HTTP::uri]] contains "portal/webserv/dominion/msaq.cfm"))}{ HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] return } switch -glob [string tolower [HTTP::host]] { "utilesource.test.com" { node 1.1.1.1:443 } "utilesourcedev.test.com" { node 1.1.1.2:443 } "utlmfprd01.test.com" { #Might need to put an exclusion for the http redirect for this site. SSL::disable serverside node 1.1.1.3:80 } "access360.test.com" { node 1.1.1.4:443} "wsecomm.test.com" { node 1.1.1.5:443} "amisvcs.test.com" { SSL::disable serverside node 1.1.1.6:8080 } "qual-amisvcs.test.com" { SSL::disable serverside node 1.1.1.7:8084 } "amisvcs-i.test.com" { SSL::disable serverside node 1.1.1.8:8081 } } } iFrame Header Insertion iRule: when HTTP_RESPONSE { if { not([HTTP::header exists "X-Frame-Options"])}{ HTTP::header insert X-Frame-Options {ALLOW-FROM https://s1-2.ariba.com} } else { HTTP::header replace X-Frame-Options {ALLOW-FROM https://s1-2.ariba.com} } }2.5KViews0likes2Comments