iRule for Logging a HTTP::header
Hello, we have a VS that services multiple FQDNs to one VS and then chooses the pool using an LTM policy that checks the incoming http host from the client and then associates to the pool. I have a working irule that looks like: when HTTP_REQUEST_RELEASE { foreach x [HTTP::header names] { log local0. "$x: [HTTP::header $x]" } } the problem is, this returns all the headers for every HTTP_request for this VS, for ALL The FQDNs, when i really only need it for one specific one. I know in the header there is a Host field for the fqdn. is there a way to modify my irule above to only log the header for the HTTP::headers that contain the url lets say webserverA.com? Note: I tried to do the logging in the LTM policy for when it chooses the WebserverA pool, but while it says it accepts TCL, I don't know what to put in there.Solved41Views0likes1Commentapm session variable from part of uri...
Hey all, I have a problem I need to solve. We have an application that uses a mobile app, the app does authentication with apm(local sp/external idp) through one browser and then accesses the the backend server in another session.. and the apm is not aware of that second one so it gerenrates a new login which fails and the app cannot login. The app passes a identification value the the urls which the app uses.. I want to do the same. Does anyone know or have any tips on how i can catch part of the uri (sort of like this https://test.com/sessionid=1234-5678-9101) that contains the sessionid and apply it to a session variable? /Kim47Views0likes3CommentsF5 iRules Akamai redirection
Hello Team, Currently, i have a virtual server with iRules of redirection if my url start with /toto redirect to pool_test1. However, my problem is with AKAMAI every time when i request a http request "mycompany.com" i'm redirecting to /toto without any explanation. Have you a suggestion please to fix this issue ? Thank you.377Views0likes5CommentsAPM inactivity timeout redirect or notification page for LTM + APM connections
Background on this: Have a customer that is publishing a Microsoft CRM instance behind APM and doing KCD with smart card auth. Access policy works fine, KCD works fine, web app works fine. The only problem we have is the inactivity timeout setting. Once the limit has been reached, the session is removed and content is no longer sent to the user in a very abrupt fashion. This is a problem because ALOT of the page is cached on the clients workstation and all they see is broken JPEGs and incomplete web content. Once they click around they are re authenticated but it is not pretty. I want to find a way to notify the user they have been inactive for a certain amount of time, send a HTTP 200 response with content notifying them with a link to click on to re authenticate. The option of increasing the inactive timeout is not an option due to their access session license limit. There would be alot of abandoned sessions that would aggregate potentially going over this limit. I know with webtop and ssl vpn, you get a notification that you are about to be logged out due to inactivity but this doesn't seem to be available for LTM + APM policies. This is what I have so far, there has to be a more efficient way of doing this though. when ACCESS_SESSION_STARTED { set ::EXPIRE "false" } when ACCESS_SESSION_CLOSED { log local0. "Session has been closed" set ::EXPIRE "true" } when HTTP_RESPONSE { if {$::EXPIRE equals "true"} { HTTP::respond 200 content " You've Been Logged out due to inactivity You have been logged out due to inactivity Thanks for Using the application Click to log back in. " } }690Views0likes3Commentsempty character in policy conditions
Hello good, I have changed iRule to policies, I have an HTTP-->HTTPS redirection rule that is formed as follows. when HTTP_REQUEST { if { ( [HTTP::uri] equals "" ) or ( [HTTP::uri] equals "/") } { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } According to that iRule, whether the uri begins with / or ' ', it redirects me to HTTPS But when it comes to passing it to policies, I can't find the way to indicate the empty character. Does anyone know how to indicate it? I have already tried to put ' ' and add it but it doesn't work. Greetings and thanks.18Views0likes1CommentiRule to replace content of the location header on HTTP Responses
I'm trying to create an iRule that will detect if a web server is sending it's private IP address in the location header on it's responses. The logic is to read the location header in the responses, detect if the private IP addresses of the servers are included on them and replace the content of the location header to the website's URL, leaving everything else intact. This is the initial code I came up with. Should this work? Any better suggestions? when HTTP_RESPONSE { if { ( [HTTP::header Location] contains "10.0.0.11" ) || ( [HTTP::header Location] contains "10.0.0.12" ) } { [HTTP::header Location] replace "www.mywebsite.com" } }1.7KViews0likes3CommentsiRule for port forwarding ssh to port 2222 on Pool
Hi, hope anybody can help 🙂 I have two LBs (activ/activ) and two Server in the Pool called RealSERVER, which are load balanced with lc. On the two Real Server i have two sshd, which are listening to Port 22 and Port 2222. The sshd (on both machines), which is listening to Port 2222 has the same rsa/dsa key, because i don't want a conflict, if the client wants to connect to the VIP. If the Client wants to connect to the VIP via SSH, it would be great, if the LBs redirect traffic from 22 to Port 2222. I've tested two iRules but both didn't work: when CLIENT_ACCEPTED { if { [TCP::local_port] == 22 } { pool RealServer 2222 } } and when CLIENT_ACCEPTED { switch [TCP::local_port 22] { 2222 { pool RealSERVER} default { discard } } } If i use this iRule: when CLIENT_ACCEPTED { if { [TCP::local_port] == 22 } { node 192.xxx.xxx.xxx 2222 IP RS1 node 192.xxx.xxx.xxx 2222 IP RS2 } } the connection will be redirect from 22 to 2222 but the load balance didn't work. Every time I connect via ssh to the VIP, i'm on RS1. If i open a second terminal i'm also connected to RS1.877Views0likes7CommentsOracle Weblogic with F5 issue,Jsession your session has expired
What can be done to resolve an issue on an oracle weblogic VIP which offloads SSL, The page loads and a "YOUR SESSION HAS EXPIRED" message is popped out,and the page redirects back to login page. When the backend servers are called directly, no such error is encountered. I already deployed an iapp for this,and it didn't solve the issue.287Views0likes1CommentAdd new key into data group without updating entire list using the API
Is there a way using the API to add a single key to a data group without needing to POST/PATCH the entire existing list with the single new addition? In other words if I have a data group that looks like this: { "name": "key1", "data": "value1" }, { "name": "key2", "data": "value2" } and I want to add the following: { "name": "key3", "data": "value3" } When using the CLI or GUI I can do this one at a time. Using the REST API it does not appear that I can just add a single new key to the list without having to GET the existing list and manually add the new one to the body before POSTing back to the LTM. Is there a way to do this that I am missing?Solved3.7KViews1like14CommentsDouble response when attempting redirect
Hi! I've got a .net application that's parsing the following iRule: when HTTP_REQUEST { HTTP::respond 301 Location "$proto://www.[HTTP::host][HTTP::uri]" When the request returns to the application, the URL gets doubled up. This looks like it's because the application passes the URI as the full path, not just the part after the host. Researching URI on the internet looks like there's some ambiguity about how it is supposed to be defined. Is there some other way we can accomplish the same thing without specifying the URI? Thanks! Jesse179Views0likes1Comment