Redirect on user browser inactivity on LTM VIP
We have a type Standard F5 LTM VIP (no APM, no ASM, just LTM) with a pool of application servers. Only SSL, TCP and HTTP profiles are applied to that VIP. Connection is made by browser to URL https://www.mysite.com/mypage and web page content displayed. All good at this point. Then a user is idle for 20 minutes doing nothing. We want in this case of inactivity to send http redirect from F5 to a user browser to redirectto https://www.mysite.com Again this is a very basic VIP; beside TCP profile idle timeout I don't see any other posisble timeouts and TCP idle timeout is totally different from what we want to do... Any suggestion how our goal can be achieved? Thanlk yuo in advance!
APM :: Async Error :: Session deleted due to user inactivity
Anybody run into this error before? Been chasing "Session deleted due to user inactivity" when the user swears that it disconnects in the middle of their session while they are actively working. Saw this in the informational logs and wondered if it was related... 2018-03-29 01:29:19 /Common/main:Common:xxxxxxxx: {61b5.C} An exception is thrown: AsyncError:1: SuppliedUnexpectedAny
BIG-IP : device-side timeout applied to iControl operations ?
F5 BIG-IP LTM VE v11.4.0 on ESXi The iControl API classes accept a timeout parameter - which to be safe I set to 3600000 ms = 1 hr ( how to set to infinite ? ) However calls to LocalLB.DataGroupFile.set_file_path() API ( that when successful complete in under 10 mins ) sometimes return this error : The underlying connection was closed: An unexpected error occurred on a send. Is it possible that BIG-IP is applying its own internal timeout to iControl requests ? If so, how to configure my BIG-IP device's internal timeout ?
Inactivity Timeouts
We have an environment set up where we need to specify different inactivity timeouts depending on the user and/or incoming connection IP. I have an iRule that gets run on a new authenticated session that changes the session timeouts I'm aware of... ACCESS::session data set session.inactivity_timeout 10800 ACCESS::session data set session.max_session_timeout 10800 Even though this should be for 3hrs, we have users that are getting timed out after 15 minutes (which is the Access Policy default. Is there a different/better way that we should be changing the inactivity timeout? Thanks!TACACS+ Timeout
Hi all, I have been successfully authentication to my F5 estate using TACACS handing off to AD for many years. I have now added another layer by integrated with my MFA platform but cannot figure out how to alter/set timeouts for the MFA authentication. My configuration for TACACS is: auth tacacs system-auth { protocol ip secret xxxxx servers { x.x.x.x y.y.y.y } service ppp } I have set the timeout with: list auth tacacs system-auth timeout auth tacacs system-auth { timeout 15 } When I connect, I am prompted to MFA for both CLI & GUI. However, if I wait for 30 seconds, 1 minute, etc. the MFA session is still waiting & authenticates me when I accept the MFA challenge. Can anyone out there suggest what I'm missing in making the timeout time me out?How to make a WSS request not restart the session timeout
hi, We have a page that is used to notify the application if the user is in session or not, without interferring with the session timeout itself. This page is accessed by the client automatically every X seconds. This is the code: if {$httpPath == "/pagename"} { if {([HTTP::cookie value MRHSession] != "") && ([ACCESS::session exists -state_allow]) } { HTTP::respond 200 content Yes SomeHeader Yes } else { HTTP::respond 200 content No SomeHeader No } ACCESS::disable return } Now the application team start using some asp.net component called SignalR which uses WSS, let's say the path is /signalr. This path is also accessed automaticaly every X seconds by the client, and thus restarts the session timeout counter and the app never disconnect. I need to do the same intervention like the code above does, only with this /signalr page. Problem is that unlike with the current/pagename path, if I add the /signalr path to the IF, it blocks the request from getting to the app server and breaks the app. Anyone familiar with this component or know why it acts differently? Thanks
