Redirect on user browser inactivity on LTM VIP
We have a type Standard F5 LTM VIP (no APM, no ASM, just LTM) with a pool of application servers. Only SSL, TCP and HTTP profiles are applied to that VIP. Connection is made by browser to URL https://www.mysite.com/mypage and web page content displayed. All good at this point. Then a user is idle for 20 minutes doing nothing. We want in this case of inactivity to send http redirect from F5 to a user browser to redirectto https://www.mysite.com Again this is a very basic VIP; beside TCP profile idle timeout I don't see any other posisble timeouts and TCP idle timeout is totally different from what we want to do... Any suggestion how our goal can be achieved? Thanlk yuo in advance!465Views0likes3CommentsAPM :: Async Error :: Session deleted due to user inactivity
Anybody run into this error before? Been chasing "Session deleted due to user inactivity" when the user swears that it disconnects in the middle of their session while they are actively working. Saw this in the informational logs and wondered if it was related... 2018-03-29 01:29:19 /Common/main:Common:xxxxxxxx: {61b5.C} An exception is thrown: AsyncError:1: SuppliedUnexpectedAny901Views0likes3CommentsBIG-IP : device-side timeout applied to iControl operations ?
F5 BIG-IP LTM VE v11.4.0 on ESXi The iControl API classes accept a timeout parameter - which to be safe I set to 3600000 ms = 1 hr ( how to set to infinite ? ) However calls to LocalLB.DataGroupFile.set_file_path() API ( that when successful complete in under 10 mins ) sometimes return this error : The underlying connection was closed: An unexpected error occurred on a send. Is it possible that BIG-IP is applying its own internal timeout to iControl requests ? If so, how to configure my BIG-IP device's internal timeout ?224Views0likes0CommentsTomcat pool member not replying to the syn from F5
I have an F5 LTM sitting in front of two tomcat servers which host 4 applications. When I initially create the pools and add the members to the LTM I can hit all applications. This is the weird part, after an undetermined amount of time the tomcat servers stop responding to SYN requests sent by the F5. Makes me think it is some type of time out issue. I can still hit the tomcat servers directly and can curl pages on the tomcat servers via the CLI of the F5. Here is a TCP dump from the F5 when I attempt to access the one of the tomcat applications via a VIP. 2014-01-17 15:38:50.50032420.980713017710.192.209.110.192.209.11TCP808165281209177OUT s1/tmm3 : 65281 > 8081 [SYN] Seq=0 Win=4380 Len=0 MSS=1460 WS=1 TSval=2716693891 TSecr=0 SACK_PERM=1 I have disabled tcp_timestamps and tcp_window_scaling on the tomcat host. Any ideas? I have been working on this for about a week and have hit a wall.Solved463Views0likes2CommentsiRule to increase tcp timeout for given client
Hi, I need to increase a tcp timeout value. when a certain client connects to VIP. I did this: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.10.10.10] } { TCP::idletime 600 } } But it resulted in an error: "increase_idle_timeout:3: error: [undefined procedure: TCP::idletime][TCP::idletime 600]" On the other hand this was accepted: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.10.10.10] } { IP::idle_timeout 600 } } What is the difference between IP::idle_timeout and TCP::idletime? I'm running 11.5.7Solved903Views0likes1CommentInactivity Timeouts
We have an environment set up where we need to specify different inactivity timeouts depending on the user and/or incoming connection IP. I have an iRule that gets run on a new authenticated session that changes the session timeouts I'm aware of... ACCESS::session data set session.inactivity_timeout 10800 ACCESS::session data set session.max_session_timeout 10800 Even though this should be for 3hrs, we have users that are getting timed out after 15 minutes (which is the Access Policy default. Is there a different/better way that we should be changing the inactivity timeout? Thanks!356Views0likes9CommentsBIG-IP : SystemConfigSync timeout
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi I'm working with iControl API : var systemConfigSync = new SystemConfigSync(host, username, password, timeout); SystemConfigSync.upload_configuration() What is an appropriate value for timeout ?230Views0likes1CommentTACACS+ Timeout
Hi all, I have been successfully authentication to my F5 estate using TACACS handing off to AD for many years. I have now added another layer by integrated with my MFA platform but cannot figure out how to alter/set timeouts for the MFA authentication. My configuration for TACACS is: auth tacacs system-auth { protocol ip secret xxxxx servers { x.x.x.x y.y.y.y } service ppp } I have set the timeout with: list auth tacacs system-auth timeout auth tacacs system-auth { timeout 15 } When I connect, I am prompted to MFA for both CLI & GUI. However, if I wait for 30 seconds, 1 minute, etc. the MFA session is still waiting & authenticates me when I accept the MFA challenge. Can anyone out there suggest what I'm missing in making the timeout time me out?1KViews0likes3CommentsHow to make a WSS request not restart the session timeout
hi, We have a page that is used to notify the application if the user is in session or not, without interferring with the session timeout itself. This page is accessed by the client automatically every X seconds. This is the code: if {$httpPath == "/pagename"} { if {([HTTP::cookie value MRHSession] != "") && ([ACCESS::session exists -state_allow]) } { HTTP::respond 200 content Yes SomeHeader Yes } else { HTTP::respond 200 content No SomeHeader No } ACCESS::disable return } Now the application team start using some asp.net component called SignalR which uses WSS, let's say the path is /signalr. This path is also accessed automaticaly every X seconds by the client, and thus restarts the session timeout counter and the app never disconnect. I need to do the same intervention like the code above does, only with this /signalr page. Problem is that unlike with the current/pagename path, if I add the /signalr path to the IF, it blocks the request from getting to the app server and breaks the app. Anyone familiar with this component or know why it acts differently? Thanks1.3KViews0likes1Comment