empty character in policy conditions
Hello good, I have changed iRule to policies, I have an HTTP-->HTTPS redirection rule that is formed as follows. when HTTP_REQUEST { if { ( [HTTP::uri] equals "" ) or ( [HTTP::uri] equals "/") } { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } According to that iRule, whether the uri begins with / or ' ', it redirects me to HTTPS But when it comes to passing it to policies, I can't find the way to indicate the empty character. Does anyone know how to indicate it? I have already tried to put ' ' and add it but it doesn't work. Greetings and thanks.
Managing many WAF policies
Hello guys My question is more likely to be administrative question, and less technical. And I need some advices on this. We're managing so many WAF policies for so many websites. About 50+ policies. And each website has his own developers. So each time there is WAF suggestions on each policy we contact each developer to tell us if we should accept those suggestions or discard them. And this is a lot of work. Those developers has no access to the F5 machine and even have no clue how to manage it. I thought about creating an FTP server where I can upload those suggestions there and give access to developers and then they will update me which suggestions to approve and which not. But I'm not sure if this is creative solution, plus there will be a lot of work of exporting and uploading suggestiins. Has any one faced the same thing and came up with a creative solution and made it easy to manage this amount of policies with those amount of developers?What do you think about this?
LTM Policy with Rewrite profile forward to specific Node
The issue I am currently facing is in the common partition I have a profile rewrite and an LTM policy in place working perfectly and has no issues. I have tried to replicate this in a different partition with the exact same steps and it is not working. We have a virtual server: VS_Azure1.aeltc.com_10.205.1.xxxabc.aeltc.com10.205.1.xxx443 (HTTPS)StandardEdit...DMZ And we have a pool: pool_abc.aeltc.com3DMZ In this pool we have 3 different nodes ( running 3 different services ) The profile rewrite looks like this: Client uri: https://abc.aeltc.com/aegis/tt/api/ > server uri: https://ae-iapp01-tt.office.aeltc.org/AEGIS10/api/ Client uri: https://abc.aeltc.com/catering/tt/api/ > server uri: https://uniwareintegration-tt.office.aeltc.org/api/ The above are 2 examples, so the LTM policy I have tried to configure is: If when browsing to abc.aeltc.com they add /aegis/tt/api/ then send the traffic to node one always. If when browsing to abc.aeltc.com they add /catering/tt/api/ then send the traffic to node two always. I have attempted to do this via LTM however the policy isn't working it still load balances via the pool? Any help would be deeply apricated.
Source IP redirect, change host, uri and change to 443
I'm using BIG-IP LTM I have a VIP on port 4001 taking external connections, this goes to a pool with a client SSL cert. I am trying to "route" to a different destination based on the source IP address. However, I need to manipulate the uri as well. I have tried this via an iRule, but looking at the forum people are saying just use the policies section of the F5. I am a network engineer by trade and I very rarely get this deep into LTM. Please can you assist? I have outputs from what I have tried below. I have run packet captures and see that the request does forward, but in plain text (iRule output), so I have tried to encrypt it before sending it to the destination, but I don't think I'm doing it right. pool_RTS_Azure = dev.api.comany.com:443 pool_RTS_4001 is the default pool pool_RTS is the same as pool_RTS_4001
ASM Policy error importing on Version 14
Hi, I have 25 asm policies in Version 13 BIG-IP. When importing them all in to a new instance of BIP-IP 14, 2 policies give the same error and do not import. The error reads: Can't call method "new" on an undefined value at /usr/local/share/perl5/F5/ASMConfig/Entity/Suggestion.pm line 279. Is there something in the XML file that I can adjust/remove in order to correct this? Thank youLTM Tfaffic Policies via iControlRest
Prior to v12.1.0 I had an automation script which we run in batches of dozens to hundreds of VIP, Pool, Profile, Policy, etc creations. The script utilizes the Rest interface to create Policies and after Vip creation, it applies the policies. Much to my surprise after our network team upgraded some of our F5s to v12.1.0 last week, the Policy creation broke. I explored this in the GUI and see the problem. There is now a "draft" phase introduced before published policies. I managed to tinker with my powershell and successfully create a new "draft" policy. However, I cannot successfully get the draft policy published via the Rest interface. Does anyone know how this can be accomplished programmatically? Using the GUI is not a viable option when I am building out hundreds of Policies at a time.LTM Policy with HTTP_REQUEST and HTTP_PROXY_REQUEST
Hello, I try to create ltm Policy Rule to forward traffic to different virtual IP with check http host. BIG IP version: 13.1.08 I created a first Policy with two rules: Policy name: TEST2 First Rule to match HTTP PROXY REQUEST And When attempting to create a second rule to match HTTP REQUEST , the system displays an error message that appears similar to the following example: An error occurred: transaction failed:010716e2:3: Policy '//Drafts/', rule ''; an action precedes its conditions. The same configuration with an irule works. Thank you for your return. Guillaume
iRule or Policy to do Redirection Possibly
All, I am fairly new to the f5 and I'm trying to figure out how to do redirection when using url with port number then hitting a pool it would load balance one of the servers. I've already created the nodes with port numbers 10400 and 10000. I've create a pool with those nodes and create http and https VIP. What I'm trying to do is when a user type in or or or it will load balance using those pools. When I do that I keep getting the page cannot be displayed. Going to the servers directly work: But if I go using the VIP it doesn't work:
