High CPU utilization (100%).
I observed high CPU utilization (100%) on F5 device, resource provision ASM nominal. I checked the client-side throughput and server-side throughput both are normal but found management interface throughput is very high and what i noticed this is happening in same time period for last 30 days. What could be the reason for this spike. Many thanks in advanced for your time and consideration.
About Vulnerability Countermeasures
Thank you for your assistance. I would like to know if the following product is effective as a vulnerability countermeasure. Product name: F5 Rules for AWS WAF Common Vulnerabilities and Exposures Target vulnerability: CVE-2021-26691 CVE-2021-26690 CVE-2020-35452 We apologize for the inconvenience, but we would appreciate it if you could check on this issue as soon as possible. Thank you in advance for your cooperation.
Using the WAF instead of a jump server for ssh-tunneling?
Hello everyone, This is how it works at the moment: We go from server A, in the internal network, with a public IP via ssh to a jump server in the DMZ. From the jump server we then go on to server B in the secure zone. I am relatively new to this and have been given the task of seeing if the WAF can replace the jump server. We use Advanced Web Application Firewall, r2600 with BIG-IP 17.1.1.3 Is this possible and what do we need for it? Thank you in advance for your help ! Best regards.
Irule to allow specific IPs
I have a site which is abc.com Trying to achieve below requirements- 1) If uri is / it should redirect to abc.com/xyz - open for all 2) If uri is /rdp_xyz_tshoot should accessible to internal network - (here we can use the datagroup list) As this site is migrated to akamai where they have requirement to use below irule- when HTTP_REQUEST { if { [HTTP::header exists True-Client-IP] } { set trueclientip [HTTP::header True-Client-IP] HTTP::header replace X-Forwarded-For $trueclientip } } Cause for above akamai irule= Normally the True-Client-IP header includes the real IP of the clients when requests are coming from Akamai. It will be unaffected and be sent as part of the request to the pool member. So, your backend servers could look for that header and do something with its value. However, if you want the F5 to translate it to the X-Forwarded-For header, you can use an iRule to convert the Akamai True-Client-IP header to the X-Forwarded-For header. we are trying with below irule which is not working- when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/rdp_xyz_tshoot") && (not[class match [IP::client_addr] equals allowed_IPs])} { reject } if { [HTTP::uri] == "/" } { HTTP::redirect "https://[HTTP::host]/abc_login.jsp" } } Please help
Question about WAF Enforced with has suggestion Signature
Hello, everyone I have a question about the WAF signature. Recently, I blocked the Ready to be enforced signatures. A few days later, Some of these signatures are in an enforced state, and they have entered a has-suggestion state.(About 30 of them) What is the state of being in an enforced state and at the same time has suggestion? And some of the enforced&has-suggestion signatures are unblocked and there are also staged logs. It's in enforced mode, is this a possible situation? F5 WAF engineer with similar experience, please help me. Thank you very much.
How to accept Application requests at WAF F5
Dear All, I just apply WAF policy. The enforcement mode is blocking. Policy Building learning mode "Manual" Policy Builder Learning Speed "Medium" Other setting is default setting. After apply this kind of configuration, the user can't finish registering an account at our website. When go to Event Logs -> Application the show the traffic has been blocking. Attack Types "JSON Parser Attack" But this is valid traffic. I try to accept this traffic, but after test again. The traffic will block again. So my question is, how to I permanently accept this traffic and no blocking in future.
Difference between BT(Upgraded to ADD-ASMAWF ) vs BTA device
Hi All I have a running BT i15800 upgraded to ADD-ASMAWF device onsite, i want to add add another device, now i have a F5-BIG-BTA-i15800 option to add, i want to know is there any technichal difference between these two device ? should i consider anything for this matter or not ? Thanks
