How to change the default max length of Query string in URL
My company is currently using BigIP v13.1.3.4 without ASM in place. RFC 2616(Hypertext Transfer Protocol — HTTP/1.1) states there is no limit to the length of a query string (section 3.2.1).RFC 3986(Uniform Resource Identifier — URI) also states there is no limit, but BigIP has limited the query string to magical max value, 1354. Any query string exceeding 1354 won't work. Can F5 BigIP experts tell me where I can change that default value for max length of query string? This limitation did cause trouble for situation where BigIP works SAML 2 Identity Provider, and the counterpart Service Provider sends AuthnRequest by REDIRECT binding method. one example of such a problematic long query string: myqueryparam=nVfJkqNIEr3rK9LUR1kVmxaQVZZZBDsCBEhCgssY%2ByI2sUtfPyizKiurZ6atpw%2BYFIHHC%2FfnzyOcb42TZ9UWdG1cGMGtC5r2Zcyzotm%2BvXidd3WxLZ0mabaFkwfNtvW2B6DIW%2Fwruq3qsi29Mpu%2FgKYJ6jYpC7osmi4P6kNQ94kXnAz5dR63bdVsESQoxr5q2mmLr9Pv16LcLpcE8twHaSpkAguTLECqsmkRx2vmL8xkmRTOE%2FYXiB%2F0P1a%2Fr0z8X0vrwE%2FqwGvL%2Bg2kacr5i8i8zv%2BFUR5FOit%2F7bnuyglxFN0QobP0KIrASTJcL9dL3yEm46bpArFoWqdoX%2Bc4imNf0OUXHD9iqy1BbonVVxTF7fkLV9Ze8MbZ6zx0siaYv2g%2FuIBJ4SdF9NfEue9GzVY4HrUv2v5wnL%2BYQd28RToZzL9%2Fewa3ffOn%2FpSQv4Z1fmZh%2Fv0vOf%2BGfEL%2F%2Fs1vtockmoju6uDHXn7zzviEMAzD14H4WtYRMvGGIiiFTDZ%2Bk0R%2FzD%2FWBr5YhOU%2FWEw7RVkknpMlj7dEK0Ebl%2F4LyKKyTto4%2Fx9IGIKhT6Qvweh98bBl8ccc%2BT2Qvwn0m0t143xpYgf7gWUEYVAHhRe8nAzxdf7H35XR2%2BJj7RRNWNZ58%2Fvw%2F%2FMoKPogK6vA%2F9L8DOyHc38f8L9w9f1b4G3Fwsu6JukD9SmkyvGC5kcCA%2B%2FvQ03CD8JklJNmqpixeXqHfHbvT8N3NpgkmhT5T1L0KT3vIKaTdcH3IrmKFmtf43EfRLWrF5bSWykmyJT3%2BubAZ%2BO3iY%2Fkvg9%2Fifh3Gb2vOHi7Cz56NSVSxI00ghWxUcAdtbANqxb12e3jNlDlVsOvuLyPz9YFMPI5rHYyt0%2BXqzwZlLsgeaV5laNTsRiDNPAUOkdsZyWVTLy8ohAC5WawSHmMJTIdWiUN1oK8kGS3uFQ5H3JS%2BLiqVEEgvaDaqwYYdrokKXNPsisx1c6Q4SsbVbB9wpMno8VrXyROZhepY6WuF3RSubI5EOy5Ol30sLwnmr4z6DErKuNy7X2pOYchqnq9IOIq1gk8BlG9u2Or6B6nl0RiRWa5TJgjMHilp7gF6xIadylJTIDrMjtiSzOOr7GjcrQSOWVV8o29Njt7gWQerKNIwfRVqO5O3OiMu2zU03ZBDvfl8Pr6Qf0nrp%2F074L7RyouK5RinNb5GNDPMy6czow2%2BK6IIjcyNA139wgMIgSRErKuNy7X2pOYchqnq9Iafdasdafdasdad
iRule to Forward Traffic Based on URL Name
Hi, I am in a situation where we have shortage of IP address and am looking for an alternative way to forward traffic to pools based on URL. I am not really good with iRule hence looking for assistance and I have seen posts based on URI, but i am looking for assistance with URL. Eg: 1 VIP and based on the url name, the traffic needs to be forwarded to Pool. Help on this is appreciated
URL based load balancing. How?
Hi, We are kinda new to F5 and iRules so we don't really know how to create url based load balancing and we are not good at writing iRules. :) What we want to do is that we have different pools and when example.com is typed into a browser it would direct the a user to the specific pool. When subdomain.example.com is called then it would direct them to another pool. Could you please help with this? Thanks in advance.
irule to redirect based on HTTP header
Hi guys, I am not a professional coder and Im trying to find and start to develop a irule to redirect our HTTP request to a especific pool, but cant find nothing similar to start a new one. Our LTM receives from the browser an HTTP header with this information: VALIDADOR_USER: 10\r\n (I take it just equals from the wireshark, the number is random 10-27) I want to try a code that will take it number from VALIDADOR_USER and load balance to 4 diffent pools. i.e.: if VALIDADOR_USER: 10 or 11 or 12 or 15 > pool_1 if VALIDADOR_USER: 16 or 17 or 18 or 19 > pool_2 if VALIDADOR_USER: 20 or 21 or 22 or 23 > pool_3 if VALIDADOR_USER: 24 or 25 or 26 or 27 > pool_4 I wonder if its possible to do something based on comparing this values through datagroups and if it matches the LB will be trigged.. Please, can you guys give me a help ? Regards, Cadu.
ASM Attack signatures on URL/parameter
Hi, I am trying to figure out violation logging when both URL and parameter is involved. Tested on 13.1.0.8 Request: Post to URL: /post1 Parameter in form (request body): parameter1 Policy in Transparent Parameters on URL level Encoded XSS string in parameter1 Depending on staging setting results are like that: URL staging: Disabled Parameter staging: Enabled Request reported in Event log: Status: Legal Violation rating: 4 Violations detected: Illegal meta character in value, Attack signature detected And second setting: URL staging: Enabled Parameter staging: Disabled Request reported in Event log: Status: Illegal Violation rating: 4 Violations detected: Illegal meta character in value, Attack signature detected Above suggest that violation detection is only performed on parameters. Still it is a bit misleading that for first staging setup violation is detected in exactly the same way as for second but request is reported as Legal. Now Attack signature settings changed (both URL and parameter with staging disabled) Check attack signatures on this URL: Disabled Check attack signatures on this parameter: Enabled Request reported in Event log: Status: Illegal Violation detected: Illegal meta character in value And second setting: Check attack signatures on this URL: Enabled Check attack signatures on this parameter: Disabled Request reported in Event log: Status: Illegal Violation detected: Illegal meta character in value From previous test it looked like only parameter signatures cause request to be reported as Illegal, but from above it seems that Attack signatures has to be checked on both URL and parameter to trigger Attack signature detected. Results are quite confusing here. I would expect results like that: No matter if staging is disabled both request should be listed as Illegal If only parameter Attack signatures are causing request to be Illegal then disabling Attack signatures on URL should still trigger Attack signatures violation. How Event Log entry for request with: Status: Legal Violation rating: 4 should be interpreted in compare to one where status is Illegal? PiotrRedirect and hide URL+URI
Hi, Trying to set up a VMware Horizon admin connection to rewrite and hide the underlying URL and for the life of me I can't figure it out although it feels like I should be able to. Requirements: redirect --> http://myURL.domain.com/ OR https://myURL.domain.com/ to --> https://mySERVER.domain.com/myURI/#/login mask --> https://mySERVER.domain.com/ANYURI as --> https://myURL.domain.com/ANYURI The idea being that whenever a user navigates to the URL, all they ever see is the URL and corresponding URIs after the trailing "/" in the browser. Just seeing the base URL and no URIs after the trailing "/" is also ok. I have successfully done the redirection on the VS with both iRule and Policy but the masking is giving me a headache. Searching and finding various solutions that did not seem to address this particular type of request made my headache worse. I have about 8 months of experience with load balancers (maybe 4 months with F5 BIG-IP LTM specifically). Thanks.
Masking URL on browser
I have a VIP, which runs an https page and calls other 8 VIPs. And that 8 VIPs redirect this https page, add port numbers and also load balances 8 servers with 8 different port numbers. For example, the end user types “abc.myportal.com” and that link is redirected to “https://abc.myportal.com:9460/xyz/login” or “https://abc.myportal.com:9461/xyz/login” or other ports. Now, i want to mask some parts of the URL from the end user. (e.g: port numbers). I dont want to redirect or translate URL. When i did it, the page didnt run. The link must run with port numbers but i only want to hide the port numbers from end user. They should see on the URL “https://abc.myportal.com/xyz/login” when they typed “abc.myportal.com”. But behind the scene, the link with port numbers must run. May be this is not possible. Anybody can help ? When i all read the other questions, i found “redirect, translate URL etc” but they didnt work. Thanks&Regards
