[APM] URL stops working , location : /my.policy?ORG_URI=1f931c35
hello Team , We have a strange issue . User is able to access the url but sometimes the url doesn't work and when he checks in developer tool it has a status code of : 302 Found. After 10-15min it starts to work without any intervention. Response Headers : Connection : close Content-Length:0 Location : /my.policy?ORIG_URI=1f931c35 We are using APM for ACL and URL filtering , so where can I find my.policy ? I did not find any logs with this id 1f931c35 in cat apm or cat ltm logs , cat pktfilter logs , cat urlfilter logs .. Kindly please advice .45Views0likes1CommentBIG-IP irule : determine page-type
F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi Request urls can be in following forms : www.gofish.com www.gofish.com/barracuda www.gofish.com/sharks/blacknose www.gofish.com/species.html www.gofish.com/bait.aspx www.gofish.com/bait.aspx?color=green I need to determine if a request is for a page ( *.html , *.aspx ) vs a resource ( barracuda , /sharks/blacknose ). More specifically, I need to determine if request is for an .aspx page.193Views0likes1Commentirule uri traffic redirection failing
Hello team, I have to implement an irule to redirect traffic based on URL. So i made following code: when HTTP_REQUEST { if { [HTTP::uri] starts_with "/specialurl" } { snatpool /NAT_Outside pool /Apps_pool log local0. "[IP::client_addr] Ingreso a [HTTP::uri]" } } The irule works fine, but the owner of the application says that when the app (programed in ajax) call's another uri of the website, the service get stucked in the pool "/App_pool". I tried with ltm policy and have same behavior. Any one had have any similar case?Solved1.2KViews0likes8CommentsHow to change the default max length of Query string in URL
My company is currently using BigIP v13.1.3.4 without ASM in place. RFC 2616(Hypertext Transfer Protocol — HTTP/1.1) states there is no limit to the length of a query string (section 3.2.1).RFC 3986(Uniform Resource Identifier — URI) also states there is no limit, but BigIP has limited the query string to magical max value, 1354. Any query string exceeding 1354 won't work. Can F5 BigIP experts tell me where I can change that default value for max length of query string? This limitation did cause trouble for situation where BigIP works SAML 2 Identity Provider, and the counterpart Service Provider sends AuthnRequest by REDIRECT binding method. one example of such a problematic long query string: myqueryparam=nVfJkqNIEr3rK9LUR1kVmxaQVZZZBDsCBEhCgssY%2ByI2sUtfPyizKiurZ6atpw%2BYFIHHC%2FfnzyOcb42TZ9UWdG1cGMGtC5r2Zcyzotm%2BvXidd3WxLZ0mabaFkwfNtvW2B6DIW%2Fwruq3qsi29Mpu%2FgKYJ6jYpC7osmi4P6kNQ94kXnAz5dR63bdVsESQoxr5q2mmLr9Pv16LcLpcE8twHaSpkAguTLECqsmkRx2vmL8xkmRTOE%2FYXiB%2F0P1a%2Fr0z8X0vrwE%2FqwGvL%2Bg2kacr5i8i8zv%2BFUR5FOit%2F7bnuyglxFN0QobP0KIrASTJcL9dL3yEm46bpArFoWqdoX%2Bc4imNf0OUXHD9iqy1BbonVVxTF7fkLV9Ze8MbZ6zx0siaYv2g%2FuIBJ4SdF9NfEue9GzVY4HrUv2v5wnL%2BYQd28RToZzL9%2Fewa3ffOn%2FpSQv4Z1fmZh%2Fv0vOf%2BGfEL%2F%2Fs1vtockmoju6uDHXn7zzviEMAzD14H4WtYRMvGGIiiFTDZ%2Bk0R%2FzD%2FWBr5YhOU%2FWEw7RVkknpMlj7dEK0Ebl%2F4LyKKyTto4%2Fx9IGIKhT6Qvweh98bBl8ccc%2BT2Qvwn0m0t143xpYgf7gWUEYVAHhRe8nAzxdf7H35XR2%2BJj7RRNWNZ58%2Fvw%2F%2FMoKPogK6vA%2F9L8DOyHc38f8L9w9f1b4G3Fwsu6JukD9SmkyvGC5kcCA%2B%2FvQ03CD8JklJNmqpixeXqHfHbvT8N3NpgkmhT5T1L0KT3vIKaTdcH3IrmKFmtf43EfRLWrF5bSWykmyJT3%2BubAZ%2BO3iY%2Fkvg9%2Fifh3Gb2vOHi7Cz56NSVSxI00ghWxUcAdtbANqxb12e3jNlDlVsOvuLyPz9YFMPI5rHYyt0%2BXqzwZlLsgeaV5laNTsRiDNPAUOkdsZyWVTLy8ohAC5WawSHmMJTIdWiUN1oK8kGS3uFQ5H3JS%2BLiqVEEgvaDaqwYYdrokKXNPsisx1c6Q4SsbVbB9wpMno8VrXyROZhepY6WuF3RSubI5EOy5Ol30sLwnmr4z6DErKuNy7X2pOYchqnq9IOIq1gk8BlG9u2Or6B6nl0RiRWa5TJgjMHilp7gF6xIadylJTIDrMjtiSzOOr7GjcrQSOWVV8o29Njt7gWQerKNIwfRVqO5O3OiMu2zU03ZBDvfl8Pr6Qf0nrp%2F074L7RyouK5RinNb5GNDPMy6czow2%2BK6IIjcyNA139wgMIgSRErKuNy7X2pOYchqnq9Iafdasdafdasdad8.2KViews0likes3CommentsNeed help with URL re-write without a redirect
I have virtual server on F5 with an iRule and want to add a condition for a new re-write. I have to re-write complete URL without redirecting or changing the URL in client's browser. Tested the below but client browsers keeps getting a reset. Below is my existing iRule and the syntax i have tried for re-write. Also attached few logs which show that traffic is matching the condition and re-writing the URL but fails. Browser URL: "abc.domain.com/uri/path" Backend URL: "abc4.domain4.com/file.html" when HTTP_REQUEST { set doStream 0 switch [HTTP::host] { "abc.domain.com" { if {[HTTP::path] contains "/abc/abc" && [HTTP::query] contains "location="} { HTTP::respond 301 "Location" "https://[HTTP::host]/abc/[string tolower [findstr [HTTP::query] "location=" 9]]" pool xyz_pool } elseif {[string tolower [HTTP::host]] starts_with "abc.domain.com" && [HTTP::path] eq "/uri/path"} { HTTP::header replace Host "abc4.domain4.com" HTTP::uri "/file.html" set doStream 4 log local0. "[HTTP::host][HTTP::uri] Changed rewrite" pool test-pool } elseif {[class match [HTTP::path] equals "url_redirect_list"]} { set newURL [class match -value -- [HTTP::uri] equals "url_redirect_list"] log local0. "NEW Redirect URI is [HTTP::uri]" HTTP::respond 301 "Location" $newURL } elseif {[class match [HTTP::path] equals "url_explicit_list"]} { log local0. "[HTTP::path]: Explicit URL path goes to [LB::server] with cookie value [HTTP::cookie value "cookie"]" HTTP::header replace Host "abc1.domain.com" set doStream 1 log local0. "[IP::client_addr]:[TCP::client_port]: [LB::server] Request with persistence cookie [HTTP::cookie value "cookie"] to [HTTP::uri]" pool explicit_pool } elseif {[class match [HTTP::path] starts_with "url_wildcard_list"]} { log local0. "[HTTP::path]: Wildcard URL path goes to [LB::server]" HTTP::header replace Host "abc1.domain.com" set doStream 1 #log local0. "[HTTP::path]: Wildcard URL path goes to [LB::server]" } elseif { [string tolower [HTTP::uri]] ne "/autodiscover" } { log local0. "[IP::client_addr]:[TCP::client_port]: [LB::server] Request with persistence cookie [HTTP::cookie value "cookie"] to [HTTP::uri]" pool backend_pool persist cookie insert "cookie" } else { drop } } } } when HTTP_RESPONSE { switch $doStream { 0 { return } 1 { STREAM::expression {@http://abc1.domain.com@https://abc.domain.com@} STREAM::enable } 4 { STREAM::expression {@https://abc4.domain4.com/file.html@https://abc.domain.com/uri/path@} STREAM::enable } } } /var/log/ltm.1:Apr 14 13:44:55 info tmm1[17567]: Rule /Common/POOL_SELECTION_IRULE <HTTP_REQUEST>: abc4.domain4.com/file.html Changed rewrite /var/log/ltm.1:Apr 14 13:44:55 info tmm[17567]: Rule /Common/POOL_SELECTION_IRULE <HTTP_REQUEST>: abc4.domain4.com/file.html Changed rewrite /var/log/ltm.1:Apr 14 13:45:04 info tmm[17567]: Rule /Common/POOL_SELECTION_IRULE <HTTP_REQUEST>: abc4.domain4.com/file.html Changed rewrite /var/log/ltm.1:Apr 14 13:45:05 info tmm1[17567]: Rule /Common/POOL_SELECTION_IRULE <HTTP_REQUEST>: abc4.domain4.com/file.html Changed rewrite /var/log/ltm.1:Apr 14 13:45:05 info tmm[17567]: Rule /Common/POOL_SELECTION_IRULE <HTTP_REQUEST>: abc4.domain4.com/file.html Changed rewrite /var/log/ltm.1:Apr 14 13:50:05 info tmm[17567]: Rule /Common/POOL_SELECTION_IRULE <HTTP_REQUEST>: abc4.domain4.com/file.html Changed rewrite /var/log/ltm.1:Apr 14 14:00:06 info tmm[17567]: Rule /Common/POOL_SELECTION_IRULE <HTTP_REQUEST>: abc4.domain4.com/file.html Changed rewrite /var/log/ltm.1:Apr 14 15:42:37 info tmm1[17567]: Rule /Common/POOL_SELECTION_IRULE <HTTP_REQUEST>: abc4.domain4.com/file.html Changed rewrite Any help is appreciated. ThanksSolved2.4KViews0likes6CommentsiRule to Forward Traffic Based on URL Name
Hi, I am in a situation where we have shortage of IP address and am looking for an alternative way to forward traffic to pools based on URL. I am not really good with iRule hence looking for assistance and I have seen posts based on URI, but i am looking for assistance with URL. Eg: 1 VIP and based on the url name, the traffic needs to be forwarded to Pool. Help on this is appreciatedSolved3.4KViews0likes10CommentsRedirect and hide URL+URI
Hi, Trying to set up a VMware Horizon admin connection to rewrite and hide the underlying URL and for the life of me I can't figure it out although it feels like I should be able to. Requirements: redirect --> http://myURL.domain.com/ OR https://myURL.domain.com/ to --> https://mySERVER.domain.com/myURI/#/login mask --> https://mySERVER.domain.com/ANYURI as --> https://myURL.domain.com/ANYURI The idea being that whenever a user navigates to the URL, all they ever see is the URL and corresponding URIs after the trailing "/" in the browser. Just seeing the base URL and no URIs after the trailing "/" is also ok. I have successfully done the redirection on the VS with both iRule and Policy but the masking is giving me a headache. Searching and finding various solutions that did not seem to address this particular type of request made my headache worse. I have about 8 months of experience with load balancers (maybe 4 months with F5 BIG-IP LTM specifically). Thanks.584Views0likes0Commentsirule to redirect based on HTTP header
Hi guys, I am not a professional coder and Im trying to find and start to develop a irule to redirect our HTTP request to a especific pool, but cant find nothing similar to start a new one. Our LTM receives from the browser an HTTP header with this information: VALIDADOR_USER: 10\r\n (I take it just equals from the wireshark, the number is random 10-27) I want to try a code that will take it number from VALIDADOR_USER and load balance to 4 diffent pools. i.e.: if VALIDADOR_USER: 10 or 11 or 12 or 15 > pool_1 if VALIDADOR_USER: 16 or 17 or 18 or 19 > pool_2 if VALIDADOR_USER: 20 or 21 or 22 or 23 > pool_3 if VALIDADOR_USER: 24 or 25 or 26 or 27 > pool_4 I wonder if its possible to do something based on comparing this values through datagroups and if it matches the LB will be trigged.. Please, can you guys give me a help ? Regards, Cadu.681Views0likes1CommentURL Category Database Useless
I have been struggling with the extremely worthless WebSense URL Category database. I say this because categories like "Information Technology" have several sub-categories within it. The problem with categories like these comes with creating and implementing Filters. It appears that with a filter you must allow ALL sub-categories in order for the main Category to be allowed. This is a problem with say.....Business & Economy, because the two sub-categories are "Hosted Business Applications" and "Financial Data & Services". So in order to get the main category of "Business & Economy" to be allowed (because Websense DOES categorize sites into the main categories) via a filter, I must allow BOTH "Hosted Business Applications" and "Financial Data & Services". This is a problem, because "Hosted Business Applications" is arguably NOT really "Business & Economy", but more appropriately falls under "Information Technology". The concept of having sub-categories is great, but that means your Main Categories become useless, if you aren't allowing ALL sub-categories, and if that is how it truly does work with filtering, then it sort of NEGATES having sub-categories. It may have been better to either make everything its own category, or just simply stick with the 40+ main categories only. On a side note, it appears as though many of the major Social Media platforms have got their own main category, but again if WebSense categorizes anything from Facebook, Twitter, etc. as "Social Web - Facebook" or "Social Web - Twitter", and you aren't allowing ALL of the sub-categories wihtin those respective main categories, it will get blocked. Am I way off base on this assessment of how all this works; am I missing something? Has anyone else run into these same issues?314Views0likes0Comments