redirect not working
I have the below scenario. It works without the redirect if statement; when I add the if statement for the URI redirect, I get a reset.

    when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/" } {
            HTTP::redirect /testpage
        }
        #log local0. "Active members is [active_members pool1]"
        if { [active_members pool1] == 0 } {
            if { ( ( [class match [IP::client_addr] eq "whitelist"] ) && ( [active_members pool2] > 0 ) ) } {
                pool pool2
            } else {
                HTTP::respond 503 content [ifile get "applicationdown.html"]
            }
        }
    }

Reliable resources for identifying IP addresses
Hello! I'm a project manager responsible for the WAF implementation in my organization. Aside from overseeing the implementation, I'm in the trenches, so to speak, with the everyday care and feeding of the WAF, which is likely unusual for a project manager. 😃 Our systems administrators have set up our WAF logs so that they are logged in Splunk and Oracle. I have created numerous reports, dashboards, and alerts that Splunk uses against a lookup table that I built to identify the IP address owners. This is manually built and maintained by myself in Excel and was started with IP records provided by two of our business owners for educational institutions that use their services. The Excel spreadsheet is over 100K lines and I look up IPs using ARIN as part of growing this IP table. This is cumbersome to say the least. My manager wants to move more of our WAF reporting to an Apex tool that one of our application developers built. This renders my Splunk lookup table useless. What resources are others in the community using to identify IP addresses? The application developer responsible for the Apex application would like something available via API. I began the effort to identify IP addresses to help with our tuning and remediation efforts. We look more kindly upon infractions from educational institutions than traffic from a bot source. We will do post-production tuning against a policy if one of our business owners reports a block on behalf of an end user. The IP identification helps with this process. Our WAF administrator is extremely cautious, which I respect because we need to protect our infrastructure, but our processes for remediation and tuning are quite tedious. Thank you in advance for any resources you can provide! Jodi

Monitor string query
Hello, I am trying to set up a monitor for a pool with the config below, but I get an invalid JSON message when trying to deploy via AS3.

    Monitor SEND String: GET /gateway/ping HTTP/1.1\r\nHost: <Domain-Name>\r\nConnection: Close\r\n\r\n
    Monitor RECEIVE String: HTTP/1\.(0|1) 200

    Invalid JSON! Error: Parse error on line 274:
    ...n", "receive": "HTTP/1\.(0|1) 200"
    ----------------------^
    Expecting 'STRING', 'NUMBER', 'NULL', 'TRUE', 'FALSE', '{', '[', got 'undefined'

SSL protocol mismatch
Ok, I ended up way down a rabbit hole earlier this week. That whole line of thought seemed to be a red herring. BigIP LTM trying to load balance to MS Navision servers, which don't use the standard 80 or 443 ports. Instead, the client communicates on port 7246 using TLSv1.2. If I have my Virtual Server Type set to "Performance (Layer 4)" I can get a connection to the Navision servers without issue. However, I want to get SSL Bridging set up because I think we can get better performance with SSL Bridging than with just SSL passthrough (which I believe is basically what "Performance (Layer 4)" is). When I try to set the type to "Standard" (without putting in a client or server SSL profile) the Navision client gives me a "could not create a connection to the server". I've imported our wildcard cert, and if I set the wildcard cert for the SSL Profile (Client) and set the SSL Profile (Server) to "serverssl" I then get a "can't connect because of a protocol mismatch". Checking

    tmm --clientciphers DEFAULT | grep "TLS1.2"

returns a bunch of TLS1.2 protocols, and the Wildcard profile is set to "Ciphers Default". Checking the LTM log, I just get kind of a generic error:

    Oct 4 15:45:20 BigIP01.domain.com warning tmm1[3124]: 01260009:4: <client IP>:43130 -> <BigIP VS IP>:7246: Connection error: ssl_passthru:5935: alert(40) not SSL

Now, according to Wireshark, I'm seeing both TLS and non-TLS traffic to port 7246, so I'm not sure if the above error is a "real" error or if the issue is because both kinds of traffic are going to the same port. Logging on my SSL certificate is set to "debug" for all events. I'm not sure where to go next.
    ltm profile client-ssl Wildcard23-24 {
        ciphers DEFAULT
    }
    ltm profile server-ssl serverssl {
        ciphers DEFAULT
    }
        pool Nav_Pool_7246
        profiles {
            LC-http { }
            LC-oneconnect { }
            LC-tcp-lan { }
            Wildcard23-24 {
                context clientside
            }
            serverssl {
                context serverside
            }
        }
        serverssl-use-sni disabled
        source 0.0.0.0/0
        source-address-translation {
            pool Nav
            type snat
        }
        translate-address enabled
        translate-port enabled
        vs-index 4
    }

ASM Policy in "Blocking" Mode switch to "Transparent" for some IP's
I have a policy that I need to switch to blocking, but the business wants to have a phased approach. Only the testing team should be in Blocking, while the rest of the business (a different IP range) remains in Transparent. I need to keep the same policy so that I can "prove" that everything is running fine. Is there a method to do that? I was thinking about an iRule but don't know how. I know how to disable ASM with an iRule, but that's something I don't want because I need to keep the learning suggestions. Bye St.

F5 WAF/ASM block users that trigger too many violations by source ip/device id using the correlation logs
Hello to all, I was thinking of using the iRule tables command to record when a user IP/device ID makes too many violations in a time period and to block it for some time, but I see that the F5 ASM has correlation logs that trigger incidents, and there is not a lot of info on whether this can be used in iRules or to block user IP addresses / device IDs. https://support.f5.com/csp/article/K92532922

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost
Hello everyone, I'm currently facing a weird issue on both r2800 series. A single tenant is configured on both r2800 series, and whenever there is a power outage and the system reboots, all the interfaces are detached from the VLANs on the tenant. So we built a script as a workaround to automatically attach the VLAN to its respective interface when the system starts up. Reference: https://my.f5.com/manage/s/article/K11948

    #!/bin/bash
    # Filename: /config/startup_custom_vlancreation_script.sh
    source /usr/lib/bigstart/bigip-ready-functions
    wait_bigip_ready
    # Here you could perform customized command(s) after MCPD is found running when the BIG-IP system starts up.
    # Customized startup command(s) can be added below this line.
    tmsh modify /net vlan VLAN-162 interfaces replace-all-with { 1.5 { tagged } } tag 162
    tmsh modify /net vlan VLAN-163 interfaces replace-all-with { 1.6 { tagged } } tag 163
    tmsh modify /net vlan VLAN-164 interfaces replace-all-with { 1.5 { tagged } } tag 164
    tmsh modify /net vlan VLAN-165 interfaces replace-all-with { 1.5 { tagged } } tag 165
    tmsh save /sys config
    # Customized startup command(s) should end above this line.
    # End of file /config/startup_custom_vlan_creation_script.sh

------

    #
    # NOTE:
    # This file will be installed in /config/startup and it will
    # be called by /etc/rc.local.
    #
    # - /config/startup is for customer config additions and
    #   will be saved in UCS
    #
    # - /etc/rc.local should *not* be used by customers and
    #   can/will be changed by F5
    #
    /config/startup_custom_vlan_creation_script.sh &

Then we tested on one of the r2800 series instances: when the tenant is rebooted, the script runs at startup and attaches the VLAN to its respective interface on the tenant.
However, when the F5OS hardware device is rebooted, all the VLANs attached to interfaces on the tenant are lost, and even the script does not work (I believe F5OS is different from the old tmsh shell), which might be the reason behind the failure of the script when the F5OS hardware reboots. Is there any way to resolve this issue of losing the attached VLANs on the interface, and has anyone faced this before?

iRule resulting in too many redirects
I have two requirements for my virtual server. 1. A redirect to /pc/service/SSOLogin. 2. 24-hour persistence based on the JSESSIONID cookie in the request header. The first one was accomplished early on with a policy that redirects to location '/pc/service/SSOLogin' at request time. This worked without any issues until I tried to implement the JSESSIONID persistence. To accomplish the second, I created an iRule to be used with the Universal persistence profile. When I implemented this persistence profile, the redirect policy no longer worked. My assumption was that the iRule and the policy were conflicting with each other. To resolve this, I created a single iRule to handle both of these requirements. Now I am getting too many redirects. The iRule is below.

    when HTTP_RESPONSE {
        ## PERSISTENCE
        # If the JSESSIONID exists, we'll pass the cookie along
        if { [HTTP::cookie exists "JSESSIONID"] } {
            persist add uie [HTTP::cookie "JSESSIONID"] 86400
        }
    }

    when HTTP_REQUEST {
        ## PERSISTENCE
        # If the JSESSIONID exists, we'll maintain that persistence
        if { [HTTP::cookie exists "JSESSIONID"] } {
            persist uie [HTTP::cookie "JSESSIONID"]
        }

        ## REDIRECT
        # This grabs the base url from the incoming request
        # For example, for https://my.site.com/some/path the base_url is set to https://my.site.com
        set base_url "https://[HTTP::host]"
        # Defining the new path
        set new_path "/pc/service/SSOLogin"
        # Construct the new URL
        # For example, https://my.site.com/pc/service/SSOLogin
        set new_url "$base_url$new_path"
        # Redirect to the new URL
        HTTP::redirect $new_url
    }
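The redirect iRules in the first post (reset) and the last post (too many redirects) share one root cause: the redirect condition matches every request, including the request for the redirect target itself, so the client is redirected again and again; in the first iRule, execution also continues past HTTP::redirect into pool selection and HTTP::respond, which tries to send a second response on the same request. The iRule below is an added example, not code from either poster, that combines both posts' requirements with a guard and an early return. It assumes the redirect is only meant to fire for a request to the site root "/" (adjust that condition to whatever the original policy matched on); the pool names, data group name, SSO path and 86400-second persistence timeout are taken from the posts.

```tcl
when HTTP_REQUEST {
    # Added example (not the posters' code). Assumed trigger: only the site
    # root is redirected. "starts_with /" would match every HTTP request,
    # including /pc/service/SSOLogin itself, and loop.
    set sso_path "/pc/service/SSOLogin"
    if { [HTTP::path] eq "/" } {
        HTTP::redirect "https://[HTTP::host]$sso_path"
        # Stop processing: a response is already queued, and running
        # HTTP::respond or pool selection after HTTP::redirect produces the
        # reset seen in the first post.
        return
    }

    # Universal persistence on JSESSIONID for every request that is not redirected.
    if { [HTTP::cookie exists "JSESSIONID"] } {
        persist uie [HTTP::cookie "JSESSIONID"]
    }

    # Failover logic from the first post, now reached only by non-redirected requests.
    if { [active_members pool1] == 0 } {
        if { [class match [IP::client_addr] equals whitelist] && [active_members pool2] > 0 } {
            pool pool2
        } else {
            HTTP::respond 503 content [ifile get "applicationdown.html"]
            return
        }
    }
}

when HTTP_RESPONSE {
    # Record the server-issued JSESSIONID so the next request sticks for 24 hours.
    if { [HTTP::cookie exists "JSESSIONID"] } {
        persist add uie [HTTP::cookie "JSESSIONID"] 86400
    }
}
```

Whatever the trigger condition ends up being, verify it against the redirect target: a request for the target path must not satisfy it, or the loop returns. The `return` after each terminal command (HTTP::redirect, HTTP::respond) is what keeps later commands in the same event from sending a second response.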