minimum tmos software version for connect CIS (openshift)
Hi I need your help I looking for minimum tmos software version for connect CIS (openshift) I can't find any documents relate to this topic please let me know if you know or have some documents or does not need software version for connect CIS (openshift) thank you
Need advise to setup a policy on F5
We have a virtual server 172.16.0.180 configured with port 443 . The pool is Netforumuat_PL_443 which has 4 members 10.103.51.105 : 443 10.103.51.106: 443 10.103.51.107: 443 10.103.51.108 : 443 Requirement we need a policy to be setup in F5 which can provide access to below URLs and reject other . https://partnersuat.rotary.org/xwebBrazilWeb/secure/netforumxml.asmx https://partnersuat.rotary.org/xwebbadge/secure/netforumxml.asmx https://partnersuat.rotary.org/xwebacquia/secure/netforumxml.asmx https://partnersuat.rotary.org/xwebclubrunner/secure/netforumxml.asmx https://partnersuat.rotary.org/xwebcluxprs/secure/netforumxml.asmx Could someone assist herein. Thankyou
iRule help masking IBM host URL/URI
I have a customer who has a contract with IBM that is requiring that we hide the internal URL/URI paths. When users go to the following URL/URI: cpd-cp4ba-uat.apps.cp4bauat1.companya.com/icn/navigator/?desktop=psecm the same host redirects them to the login URL/URI page: cp-console-cp4ba-uat.apps.cp4bauat1.companya.com/oidc/login.jsp. HTTP 302, 301 and 200 occur are viewed when I run HTTP watch. What the contract is requiring is that clients should use a much simpler URL:https://psecm-uat1.companya.com while masking the two lengthy paths previously displayed. We created the vs_psecm-uat1.companya.com and the server pool, which contains the IP for host cp4bauat1.companya.com. All URLs are HTTPS, therefore, I have already created the HTTP Profile and SSL profile. In the past I was able to mask the destination with HTTP::header replace...etc.. In this situation it is not working with the replace. I am not sure if I should create an iRule to redirect(client side) and a rewrite for masking the HTTP Response header. ???? Help is greatly appreciated.Help with URL Masking
iRule Newbie here and hopefully I am explain myself correctly. Our DevOps team requested I create a new site automate.test.mycompany.com, which will be redirected to this ansible URL/URI in our private cloud https://controller.automate.mycompany.com/#/login. In addition, they do no want the users to view controller.automate.mycompany.com/#/login in their browser. virtual server: automate_https_vs virtual server IP: 10.12.12.12 <----this IP is mapped in DNS to automate.test.mycompany.com server pool name: automate_https_pool server pool member IP and FQDN: 10.68.68.68 and controller.automate.mycompany.com <-HOST IS IN THE PRIVATE CLOUD The VS and node are HTTPS; therefore, an HTTP profileand aclient SSL profile has been configured. Test performed: When I perform an HTTP Request via the F5 VS to https://automate.test.mycompany.com, I receive an HTTP Response 404 error from the pool member/cloud host 10.68.68.68. When I perform an HTTP Request directly to the cloud host by typing in the browser https://10.68.68.68 I also receive the same an HTTP Response 404 error. When I perform an HTTP Request directly to the host URL https://controller.automate.mycompany.com I receive an HTTP response with the correct URL/URI path: https://controller.automate.mycompany.com/#/login. Finally, I created a redirect iRule which redirects correctly, but I should not view https://controller.automate.mycompany.com/#/login when receiving the HTTP Response from the server. Since, the F5 is SSL bridging (encrypt/decrypt) the connection can we manipulate the HTTP response and change or rewrite the server side response? If so, I would appreciate your help. when HTTP_REQUEST { switch [string tolower [HTTP::host]] { automation.test.mycompany.com { HTTP::redirect "https://controller.automate.mycompany.com" } } } Thanks, Maria
Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP
We have more than 160 BIG-IP Virtual Edition with version 15.1.10.3 build 0.0.12. We need to import, in each one, an SSL Certificate in PFX/PKCS 12 format in the path System ›› Certificate Management: Device Certificate Management: Device Certificate. We looked in the documentation and the KB but we couldn't find a way to do it. Has anyone dealt with this and have a solution to do it via Script, CLI or API? Thank you.curl: (56) SSL read: errno -5961
Hello All, We have an application VIP on F5. User is trying to access the application VIP on F5 using HTTPS from a linux system and the SSL handshake between the application on linux system and the F5 VIP is not working. we tried using curl to figure where the session is getting droped and we are finding the below error: SSL read: errno -5961 Closing connection 0 curl: (56) SSL read: errno -5961 Could you please help me know what could be the possible cause of the issue and anything I can do on the Big-IP side to fix the issue? The certificate is installed properly on the linux system and the certificate chain is also correct. The team that manages the F5 part tells us that the network interface it points to on the server side does not have any mismatch on the MTU side which is set to 1500 as well as on the server side. What could be another cause for the problem? Thanks a lot in advance for your help. Regards
iRule assistance
Dear community, Could someone provide me with an example of an iRule that does the following: I would like to have a single inbound VIP for API calls. These calls could go to one of 2 Pools depending on what is in the URI. How can I write an iRule that looks for a certain string in the URI and send the request to one pool or the other depending on what is in the URI? Thank you.F5 loadbalancer not working
Hi, I've created a basic pool with a single node configured with port 80 a virtual server also configured with port 80. The virtual server is enabled and the node in the pool is active. In the node we have a nginx running in a docker container, we've made a port-forward of this service to expose it. But when I try to cURL to the virtual server the response is: curl -v http://<vs-ip-addr> * Trying <vs-ip-addr>:80... * Connected to <vs-ip-addr>(<vs-ip-addr> port 80 (#0) > GET / HTTP/1.1 > Host: <vs-ip-addr> > User-Agent: curl/7.81.0 > Accept: */* > * Recv failure: Connection reset by peer * Closing connection 0 curl: (56) Recv failure: Connection reset by peer If I cURL to the node configured in the pool: curl -v http://<node-ip-addr> * Trying <node-ip-addr>:80... * Connected to <node-ip-addr> (<node-ip-addr>) port 80 > GET / HTTP/1.1 > Host: <node-ip-addr> > User-Agent: curl/8.4.0 > Accept: */* > < HTTP/1.1 200 OK < Server: nginx/1.25.4 < Date: Fri, 19 Apr 2024 11:09:30 GMT < Content-Type: text/html < Content-Length: 615 < Last-Modified: Wed, 14 Feb 2024 16:03:00 GMT < Connection: keep-alive < ETag: "65cce434-267" < Accept-Ranges: bytes < <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> html { color-scheme: light dark; } body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> * Connection #0 to host <node-ip-addr> left intactOverwriting or adding LTM SSL Traffic cert and key using iControlREST
Hi, I am trying to overwrite an existing cert and key within the LTM SSL Traffic cert and key using iControlREST. Here is the basic process, and result of each step. Upload key and cert PEM files to the uploads directory. I have tried this step both inside and outside of a transaction with the same result. This works fine. Create a transaction using the transaction REST endpoint. This works fine. Add a command to install the key over the desired SSL Traffic key referencing the local path from step 1 with the transaction id in the header. The command is set to install and from-local-file. Successfully added to the transaction commands. Add a command to install the key over the desired SSL Traffic cert referencing the local path from step 1 with the transaction id in the header. The command is set to install and from-local-file. Successfully added to the transaction commands. Get the transaction commands just to observe the contents. The commands are present, and the paths are correct per steps 3 & 4 above. Attempt to commit the transaction, and receive the failure with a message like the one below. message=transaction failed:01070712:3: file (/var/system/tmp/tmsh/GexeqO/IIS-F5v13.key) expected to exist. As you can see, F5 is looking in a different directory than specified in steps 3 & 4. I've closely examined all requests and responses using Fiddler, and there's no way to determine the randomly generated sub directory name ('GexeqO' in this particular case). It is different each transaction. Also note, this happens even when not overwriting existing entries. But I am using a transaction so that I don't get the 'key and certificate do not match' message. Any insights would be tremendously helpful. Best, Gary
How to target only webview rendering with CSS?
This particular page displays correctly on desktop and mobile Firefox browsers, Mac and iOS browsers, Edge, Chrome, and Chromium. But when it's seen through web view—that is, from a link on the Android Facebook app or even the actual Android app, Duck Duck Go—one of the font sizes is bigger and extends beyond its container div, obstructing the view. Visit Here for more information on solving problems:Prodigit After ten years of front-end development, I haven't yet looked at web view customizations. How can I use CSS (or JavaScript if necessary) to target web view rendering?
