libxml2 and CVE-2024-25062
Good day All, Apologies for the silly question but I am new to F5, when I was running iHealth on my BigIP running V17.1.2.1 it flagged the above CVE-2024-25062. Is this for the version 17.1.0 - 17.1.2 which includes mine, in general? I am thinking this doesn't affect me because when I look in services (local traffic -> profiles -> services) I don't even see XML, unless I am looking in the wrong place. I also went into the command line did a find on libxml2 and xml2 and didn't find and directories. When I did a find on just xml I did find a few directories but nothing on xml2. So is it safe to say this doesn't affect me or am I wrong? Thank you in advance!! Warren
Issues modifying XML content with stream profile & iRule
I've taken an iRule from another DevCentral post and modified it to fit my application. when HTTP_REQUEST { Disable the stream filter for all requests STREAM::disable LTM does not uncompress response content, so if the server has compression enabled and it cannot be disabled on the server, we can prevent the server from sending a compressed response by removing the compression offerings from the client HTTP::header remove "Accept-Encoding" } when HTTP_RESPONSE { Check if response type is text if {[HTTP::header value Content-Type] contains "text/xml"}{ Replace http:// with https:// STREAM::expression {@http:\\/\\/applicationdomain@https:\\/\\/applicationdomain@} Enable the stream filter for this response only STREAM::enable } } The stream profile is successfully replacing the HTTP: with HTTPS:, but is also including the additional backslash and a Silverlight (smh) error pops up When I remove the second backslash in the iRule, the HTTP: is no longer replaced with HTTPS:, and I'm back to square one. Any ideas on what I might be doing wrong? Thanks in advance!
Deploy BIG-IP Edge Client (iOS) with configuration string
Greetings all, I'm very new to F5 (only responsible for deploying Edge Client with MDM) and need some basic assistance. Are there any more examples available for Configuration XML strings used to deploy the Edge Client via MDM and VPP to iOS devices with connection settings already established? Specifically we are utilizing JAMF as our MDM. Apps can be given configuration settings in their deployment. I was attempting to use the below string but I'm getting an error - 'Incorrect Format'. Help is appreciated. Thanks! We are using user name and password for authentication, and it is an SSL appliance. IPv4 UserDefinedName The Name of our connection VPN AuthName $USERNAME RemoteAddress our F5 Address OnDemandMatchAppEnabled VPNSubType [com.f5.F5-Edge-Client.vpnplugin](//com.f5.F5-Edge-Client.vpnplugin) VPNType VPNXML and WSDLs
Hello All, Is there a way for the BigIP to exposed the WSDLs when a client request them instead of the backend server. I have set a Security Policy, a XML profile and installed the WSDLs needed. I had a former infrastructure with IBM Datapower from where this was possible, I wonder if this is possible with the ASM module Customer request is like this GET /foobar-webservices/test?wsdl HTTP/1.1 Host: foo.bar:443 Connection: close Thank you.
Can I allow Buffer Overflow attack signatures in just an XML request?
The website has an upload page where people can submit receipts. The request looks like this: 4AAQSkD6RXhpZgAuocAAcAAAgMAAAAPgAAAAAc6gAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..... We have determined that the "A"s represent the white space in the image and since it is a receipt, a large area of it is white, but this is throwing the Generic buffer overflow attempt 1 attack signature due to the large sequence of "A"s. The question is if there is a way to just turn off this signature for this URI. Since the overflow false positive is in the XML I do not know of a way to do this, and we do not what to have to turn off buffer overflow signatures for the whole site. We only have one policy for the whole site and are unable to use the LTM side to split up the traffic to different policies. Thank you.
ASM JSON/XML payload detection & Automatically detect advanced protocols
Hello team, I have a question regarding the learning suggestions, I want to know if it is possible for the ASM to suggest the association of an XML profile to a specific URL. In other words, is there a way to configure the ASM so that when XML traffic passes through it then a learning suggestion rises saying "you have to associate an XML for this URL" In this article : https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-1-0/3.html The Policy Builder builds the security policy as follows: Examines application content and creates XML or JSON profiles as needed (if the policy includes JSON/XML payload detection) ...etc we can read explicitly that it is possible IF we enable the "JSON/XML payload detection" then the answer to my question is "Yes" . The problem is that I can't find this "JSON/XML payload detection" option in the GUI. Could you please help on this ? Many thanks, Karim
XML content based routing help
I'm trying to get some XML content based routing working, but having some difficulty. Hoping someone might help me out here. Here's my xml profile: profile xml { defaults from xml xpath queries "//FirmID" } I have an irule that has an HTTP_REQUEST block (for other URI-based routing), and then this: when XML_CONTENT_BASED_ROUTING { log local0. "XML: $XML_values(0)" switch $XML_values(0) { "199968" { log local0. "send to 10.222.248.20" node 10.222.248.20 443 } "199905" { log local0. "send to 10.206.23.172" node 10.206.23.172 443 } default { log local0. "default send to 10.222.248.21" node 10.222.248.21 443 } } } Sample XML: 199968redactedredacted872A4C348D18178525641CCD9B570954 None of my log statement in the XML_CONTENT_BASED_ROUTING ever trigger. The XML statistics show documents being inspected, but zero matches. What am I missing? Profile and irule in the comments in better formatting - can't get it to work in this post. No idea how to allow the XML code to be posted.How to LoadBalance HTTP 1.1 request
Hi all, Just to set the enviroment first 🙂 We had a customer that wanted to switch from source_addr persistence profile to a persistence based on a specific identifier that cames into http request on a XML field. How customer works its that sends a first http request with a login and the server side answers with a login response with an specific id, an after that sends different operations using that id. Based on that we defined an universal profile that using an irule extracts that information, analyzes the response that comes from login response. (called SessionIdLogin) and also it was needed to define an XML_profile, in order to analyze the following http request in order to obtain the id. (called xml_info) We configured the Virtual Server with * an http profile http * XML profile * Oneconnection Profile --> Oneconnect On the pool configuration we added the xml_info default profile and added the irule SessionIdLogin. Inside this irule, we downgrade the HTTP in order to loadbalance all the request between the nodes. ltm rule /Common/SessionIdLogin { when HTTP_REQUEST { HTTP::header remove "Accept-Encoding" if { [HTTP::version] eq "1.1" } { if { [HTTP::header is_keepalive] } { HTTP::header replace "Connection" "Keep-Alive" } HTTP::version "1.0" } } when HTTP_RESPONSE { if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576}{ set content_length [HTTP::header "Content-Length"] } else { set content_length 1048576 } if { $content_length > 0} { HTTP::collect $content_length } } when HTTP_RESPONSE_DATA { log local0. "Persist in HTTP_RESPONSE_DATA" set SessionId [findstr [HTTP::payload] "sessionId>" 10 "<"] log local0. "$SessionId" if {[HTTP::payload] contains "Login"} { persist add uie $SessionId 160 } } } Till here it was all working fine no problems at all, but the customer noticed that sometimes the http post with login was not working, and we discovered that it was caused because they were sending and specific field from HTTP 1.1, transfer-coding: chunked. As we downgrade to 1.0 the Server didn't understand the petition and provides an error. after all the story, Now the question. 🙂 How could we without downgrade the HTTP version load balance all the requests? Customer is not going to change their code and they still want to do the persistence based on sessionId. One think i though its to add a header inside HTTP_RESPONSE with the connection: close, but i dont know if that its going to work. Thanks in advance people. Victor Jori
