"}},"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1728320186000"}],"cachedText({\"lastModified\":\"1728320186000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1728320186000"}]},"CachedAsset:pages-1737019307988":{"__typename":"CachedAsset","id":"pages-1737019307988","value":[{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1737019307988,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":"en","possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"CachedAsset:theme:customTheme1-1737019307523":{"__typename":"CachedAsset","id":"theme:customTheme1-1737019307523","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"JimmyPackets-512-1702592938213.png","imageLastModified":"1702592945815","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"f5_logo_fix-1704824537976.svg","imageLastModified":"1704824540697","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1600px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"600","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.2","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":null,"h2FontWeight":null,"h3FontWeight":null,"h4FontWeight":null,"h5FontWeight":null,"h6FontWeight":null,"__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Atkinson Hyperlegible","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.3","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1728320186000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1728320186000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1728320186000","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy","mimeType":"image/png"},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","entityType":"CATEGORY","displayId":"Articles","nodeType":"category","depth":1,"title":"Articles","shortTitle":"Articles","parent":{"__ref":"Category:category:top"},"categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","entityType":"TKB","displayId":"TechnicalArticles","nodeType":"board","depth":2,"conversationStyle":"TKB","title":"Technical Articles","description":"F5 SMEs share good practice.","avatar":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bi0zNC0xM2k0MzE3N0Q2NjFBRDg5NDAy\"}"},"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:Articles"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:zihoc95639"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:Articles"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"boardPolicies":{"__typename":"BoardPolicies","canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}},"canReadNode":{"__typename":"PolicyResult","failureReason":null}},"tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"shortTitle":"Technical Articles","tagPolicies":{"__typename":"TagPolicies","canSubscribeTagOnNode":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.subscribe_labels.allow.accessDenied","args":[]}},"canManageTagDashboard":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","key":"error.lithium.policies.labels.action.corenode.admin_labels.allow.accessDenied","args":[]}}}},"CachedAsset:quilt:f5.prod:pages/tags/TagPage:board:TechnicalArticles-1737019305882":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/tags/TagPage:board:TechnicalArticles-1737019305882","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1737019255146":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1737019255146","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":"header.jpg","backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"LEFT_CENTER","lastModified":"1702932449000","__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"hsla(30, 100%, 50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":0.4,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-primary)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #0C5C8D","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#0C5C8D","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#0C5C8D"},"links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-primary)","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":60,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1728320186000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-1737019322394":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-1737019322394","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-1737019322394":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-1737019322394","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-1737019322394":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-1737019322394","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-1737019322394":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-1737019322394","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":null,"defaults":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"dynamicByCoreNode":false,"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1728320186000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1728320186000","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1728320186000","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1704319314827":"Blog Feed","title@instance:1704317906837":"Content Feed","title@instance:1702668293472":"Community Feed","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:319435":{"__typename":"Conversation","id":"conversation:319435","topic":{"__typename":"TkbTopicMessage","uid":319435},"lastPostingActivityTime":"2024-06-06T15:06:34.892-07:00","solved":false},"User:user:194353":{"__typename":"User","uid":194353,"login":"MattHarmon","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xOTQzNTMtMjA4OTRpMUNEQUQzODNBOURDMjA0OA"},"id":"user:194353"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjIwOThpRENGNzdDM0Y5OTEzRUY2MA?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjIwOThpRENGNzdDM0Y5OTEzRUY2MA?revision=16","title":"s-tsuchiya-pJkXAimi4gE-unsplash.jpg","associationType":"COVER","width":875,"height":875,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNTlpRTE4NUQxQjI3REYxMTI4Qg?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNTlpRTE4NUQxQjI3REYxMTI4Qg?revision=16","title":"Topology Flows.jpg","associationType":"BODY","width":1229,"height":609,"altText":"In the image above, we're highlighting some of the common topology types that an enterprise may choose to deploy with F5 Distributed Cloud. You can see the CE is very flexible. You can combine any number of these topology flows depending on your network and application service requirements. VIP and SNAT are common proxy terminologies, and while we can do pure L3 routing via the CE software, the ability to have a geographically dispersed proxy architecture is extremely powerful (flows 3 & 4)."},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNjBpQkQ0RjJGOEZDMjM1MDE3Qw?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNjBpQkQ0RjJGOEZDMjM1MDE3Qw?revision=16","title":"5 Ways - Overivew.jpg","associationType":"BODY","width":1323,"height":630,"altText":"Deployment Options Summary"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNjhpODY0RUFGMzRGODlFMjZBQQ?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNjhpODY0RUFGMzRGODlFMjZBQQ?revision=16","title":"ce-static.jpg","associationType":"BODY","width":1044,"height":629,"altText":"Layer 3 Attached - Static Routing"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNjlpNTI0OUY2RDk4REVBMzgxNQ?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNjlpNTI0OUY2RDk4REVBMzgxNQ?revision=16","title":"ce-bgp.jpg","associationType":"BODY","width":1072,"height":688,"altText":"Layer 3 Attached - BGP Routed"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzFpQzUyN0M2OTU1Mzk2OERENA?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzFpQzUyN0M2OTU1Mzk2OERENA?revision=16","title":"ce-vrrp.jpg","associationType":"BODY","width":1134,"height":658,"altText":"ce-vrrp.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzJpOTMwRTExMDM4OEQ0MjJDRg?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzJpOTMwRTExMDM4OEQ0MjJDRg?revision=16","title":"ce-lb.jpg","associationType":"BODY","width":1079,"height":561,"altText":"External Attachment - In-Path Load-Balancer"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzNpRUUxQzRCRDU2RkM1Q0QwRg?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzNpRUUxQzRCRDU2RkM1Q0QwRg?revision=16","title":"ce-dns.jpg","associationType":"BODY","width":1080,"height":569,"altText":"External Attachment - Out-of-Path DNS LB"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzRpM0MyNjNFM0Y5QUZCQzk0NQ?revision=16\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzRpM0MyNjNFM0Y5QUZCQzk0NQ?revision=16","title":"summar-details.jpg","associationType":"BODY","width":1431,"height":683,"altText":"Deployment Options Summary - Details"},"TkbTopicMessage:message:319435":{"__typename":"TkbTopicMessage","subject":"F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options","conversation":{"__ref":"Conversation:conversation:319435"},"id":"message:319435","revisionNum":16,"uid":319435,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:194353"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" F5 Distributed Cloud Customer Edge (CE) software deployment models for scale and routing for enterprises deploying multi-cloud infrastructure. Today's service delivery environments are comprised of multiple clouds in a hybrid cloud environment. How your multi-cloud solution attaches to your existing on-prem and cloud networks can be the difference between a successful overlay fabric, and one that leave you wanting more out of your solution. Learn your options with F5 Distributed Cloud Customer Edge software. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":11799},"postTime":"2023-08-14T05:00:00.034-07:00","lastPublishTime":"2024-03-14T10:18:39.548-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction: \n F5 Distributed Cloud’s Customer Edge (CE) software is an incredibly powerful solution for Multi-Cloud Networking, Application Delivery, and Application Security. The Customer Edge gives you flexibility on how routing is distributed across a multi-cloud fabric, how client-side and server-side connections are handled, and ultimately the injection of highly effective L4-L7 services into a proxy architecture. Best yet, these powerful data planes are 100% managed from a central control-plane, F5 Distributed Cloud’s Console, giving a single pane of glass for configuration management and observability. \n \n That all sounds wonderful, but… there are a lot of details surrounding the deployment of the CE software. Details matter. The options at hand must be thoroughly examined for the best deployment model that fits your enterprise use case, existing network, cloud architecture(s), performance, and scale, day two operations, and personnel/team expertise. In this article, I hope to provide an overview of how to attach CEs to your network, how traffic flows from the network to the CEs for the different attachment models, and how CEs can benefit your enterprise. \n First, we must understand what environments can a CE be deployed. Keep in mind, the CE software is the same software deployed in our Regional Edges (REs). The difference is the REs are the SaaS data plane of F5 Distributed Cloud that F5 maintains and scales on the behalf of enterprises consuming services on the REs. Whereas the Customer Edge (CE) software is deployed within the enterprise environment. The CE software can be installed into four different platform types: \n \n Hypervisor - such as VMWare // KVM \n Hyperscaler - such as AWS // Azure // GCP \n Baremetal \n Kubernetes \n \n In this article, we will focus on the first 3 options, and leave the Kubernetes attachment for another day, as it is a little different from the other 3. If you’re familiar with F5 Distributed Cloud, you may also know that the CEs have two personas, one if which is Mesh for the use cases I mentioned above, and the other is AppStack, which is turning the CE into its own k8s cluster that you can bring workloads to. We will not be focusing on AppStack in this article. \n Deployment & Routing Options \n \n As you can see, there are five ways of getting traffic to a Customer Edge site (cluster) and the individual nodes making up that site/cluster. These five deployment models are grouped into three attachment types, Layer 3 attached (blue), Layer 2 attached (purple), and externally attached (green). You may have also noticed there are three CE nodes in each of the diagrams. If a single node is deployed, there is less to think about regarding scale and failover, but these attachments can still be utilized. To achieve High Availability when deploying multiple nodes, F5 Distributed Cloud requires three nodes. The three nodes are required to form a cluster due to the underlaying software stack. \n Layer Three Attached: \n This is personally my preferred method. I am a big believer in Equal Cost Multi-Path Routing (ECMP) to establish active/active/active pathing for traffic traversing the F5 Distributed Cloud Customer Edge software. However, not every environment may have routing available, especially dynamic routing via BGP. This may be due to limitations on the existing network, or comfort level of the individuals deploying the software with routing. However, if you are comfortable with routing, and the environment supports routing, this can be a great model for your enterprise. Both models shown above, static and BGP, support the expansion of a cluster via worker nodes. These worker nodes can provide horizontal scale and performance of the site/cluster. \n When statically routed, depending on your route/switch fabric, you may not get the desired effect. This could be because the of the lack of support for ECMP, or if the route is persistent even if the network cannot ARP for the next hop. However, setting up static routing is simple, quick, and takes less network expertise to accomplish. \n In the picture below, you’ll notice we’re using custom VIPs associated to 4 “color” applications/FQDNs. These custom VIPs act as loopbacks to a traditional router as they are locally significant to the F5 Distributed Cloud Customer Edge nodes. The three static routes configured in the network target the next hop of each Customer Edge node’s SLO or SLI interface to reach the custom VIP. Once the connection is established to the custom VIP, the software matches the application on criteria higher in the stack, such as port, SNI, or host information. \n \n This is the exact same for BGP attached, except BGP attached is dynamic in nature. Each custom VIP is injected as a /32 route into the route/switch fabric. If for whatever reason a node is unavailable, that custom VIP is removed from the route/switch fabric. \n Layer 2 Attached: \n A layer 2 attached model might be the most common for customers who are familiar with many other network appliances such as firewalls or load-balancers, even BIG-IP. Think of traffic groups and floating IPs in BIG-IP. These concepts typically utilize a First Hop Resolution Protocol (FHRP) known as VRRP. In F5 Distributed Cloud CE software, VRRP utilizes a VIP as a virtual address that is shared between the 3 nodes. However, the VIP is only active on one of the nodes, which creates an Active/Standby/Standby topology. The Active node’s MAC address is what is returned during the ARP process for the VIP. If a different node becomes active, the new active node’s MAC is now associated to the VIP and is updated in the broadcast domain via a process called Gratuitous ARP (GARP). \n Today, in F5 Distributed Cloud, if you’re using VRRP for your attachment, the VIP becomes active on a node at random. We do not expose any priority settings for the VIP. If using multiple custom VIPs and VRRP, this does allow for the potential of each of the nodes in the cluster to be active for a one or more of the VIPs. Meaning, you could have traffic actively utilizing all the nodes, but each of the nodes is only active for a specific VIP(s) and subset of apps associated to that VIP(s). \n In our picture below, we again have four color applications that are randomly active across each of the three nodes. Blue and purple are active on node0; red is active on node1, and green is active on node2. Take a close look at the ARP table and how the MAC addresses of the physical SLO interface map to the custom VIPs. Lastly, worker nodes participate in VRRP, and can be utilized to scale the cluster horizontally. \n \n External Attachment: \n The two external attachments for scaling services have been around for a very long time and have grown in popularity as enterprises have taken their tooling to cloud. When moving tooling from on-prem to cloud, the lack of L2 technologies such as ARP/GARP, forced many enterprises to re-think how traffic is routed to/through the tooling. This tooling includes Firewalls, Next-Generation Firewalls, Proxies, Load Balancers, Web Application Firewalls, API Gateways, Access Proxies and Federation tooling, and so on…. \n With an external Load Balancer (LB), these can be deployed as L4 or L7 load balancers for sending traffic to/through the Customer Edge software. If a L4 LB is chosen, depending on the LB technology, but it is likely that the source IP will be lost. If L7, you can use headers to maintain the source IP information, but if using TLS, you’ll need to manage certificates at the L7 LB, which may not be operationally efficient for your organization. We can scale the cluster with worker nodes by adding the worker nodes to the external LB pool. In this deployment model, custom VIPs are less needed, and the SLO or SLI interfaces can be the target. \n \n Like the inline LB, we can use an out-of-path LB via DNS. This DNS could be as simple as round-robin A-Records, or advanced Global Server Load-Balancing (GSLB), which incorporates configured intelligence and health checking into logic of what IP is sent in response to a DNS query. In this model, while health checking is available, the traffic flows would still be subject to DNS cache and TTLs for failover. As with the inline LB, worker nodes can be used to scale the cluster, and the node interface IP can be used as the DNS LB target. \n \n Summary: \n The F5 Distributed Cloud Customer Edge Software is a flexible component of the platform. The CE takes the F5 Distributed Cloud from a pure SaaS solution, to a multi-cloud fabric for Application Delivery and Security. Depending on the architecture of enterprises' different “service-centers” such as data centers and clouds, the Customer Edge software can attach to the network in many ways. Please consult your account team and F5 Distributed Cloud specialist for collaborative details on what may work best for your enterprise’s network and use case(s). \n \n Related Links \n \n \n A complete Multi-Cloud Networking walkthrough with F5 Distributed Cloud \n \n \n Get Started with WAAP Security Incidents \n \n \n F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"9881","kudosSumWeight":18,"repliesCount":3,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjIwOThpRENGNzdDM0Y5OTEzRUY2MA?revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNTlpRTE4NUQxQjI3REYxMTI4Qg?revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNjBpQkQ0RjJGOEZDMjM1MDE3Qw?revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNjhpODY0RUFGMzRGODlFMjZBQQ?revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNjlpNTI0OUY2RDk4REVBMzgxNQ?revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzFpQzUyN0M2OTU1Mzk2OERENA?revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzJpOTMwRTExMDM4OEQ0MjJDRg?revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzNpRUUxQzRCRDU2RkM1Q0QwRg?revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTk0MzUtMjUxNzRpM0MyNjNFM0Y5QUZCQzk0NQ?revision=16\"}"}}],"totalCount":9,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:303203":{"__typename":"Conversation","id":"conversation:303203","topic":{"__typename":"TkbTopicMessage","uid":303203},"lastPostingActivityTime":"2023-08-24T09:41:25.269-07:00","solved":false},"User:user:275378":{"__typename":"User","uid":275378,"login":"Ted_Byerly","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/default/avatar-10.svg"},"id":"user:275378"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyMjFpQzFFNDBCMTlDREI5RjRBRQ?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyMjFpQzFFNDBCMTlDREI5RjRBRQ?revision=23","title":"Screen Shot 2022-10-24 at 1.12.45 PM.png","associationType":"BODY","width":962,"height":545,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODVpMjkyOUY2MDEwMkEwMTIwQg?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODVpMjkyOUY2MDEwMkEwMTIwQg?revision=23","title":"menu.jpg","associationType":"BODY","width":2330,"height":1803,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODZpNkY5RjQ4NThDNTYzNjEzMw?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODZpNkY5RjQ4NThDNTYzNjEzMw?revision=23","title":"add-app.jpg","associationType":"BODY","width":3840,"height":1658,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODdpRUVGQUIzMDU2MkU5QjNBNA?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODdpRUVGQUIzMDU2MkU5QjNBNA?revision=23","title":"app-drop-down.jpg","associationType":"BODY","width":3840,"height":2024,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODhpNkZFNEMwMTM1MTc1NDVEQw?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODhpNkZFNEMwMTM1MTc1NDVEQw?revision=23","title":"id.JPG","associationType":"BODY","width":3838,"height":1340,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODlpRkRGRDAxQUI1RDZFRUI0NQ?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODlpRkRGRDAxQUI1RDZFRUI0NQ?revision=23","title":"endpoints.jpg","associationType":"BODY","width":3840,"height":1735,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTFpOERCMTk2NUE4RDE5QUJCRA?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTFpOERCMTk2NUE4RDE5QUJCRA?revision=23","title":"endpoints-rules-save.JPG","associationType":"BODY","width":3823,"height":2017,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTJpNTY0MDNEN0FBODY2RTYzNw?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTJpNTY0MDNEN0FBODY2RTYzNw?revision=23","title":"java-rules.jpg","associationType":"BODY","width":3809,"height":1677,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTNpMTI3NTQwOEI2RTk5ODE0Mw?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTNpMTI3NTQwOEI2RTk5ODE0Mw?revision=23","title":"java-rules-saved.JPG","associationType":"BODY","width":3833,"height":1311,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTRpMUE4NDMzNTQxRjFBQTI5Mg?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTRpMUE4NDMzNTQxRjFBQTI5Mg?revision=23","title":"downloads.JPG","associationType":"BODY","width":3836,"height":1072,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyMzdpRUU4M0RCMjM2OEZBQzgzRA?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyMzdpRUU4M0RCMjM2OEZBQzgzRA?revision=23","title":"AWS Login.png","associationType":"BODY","width":1496,"height":593,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjU0NDBpMjI5MDAzMjczODQxNDZGNg?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjU0NDBpMjI5MDAzMjczODQxNDZGNg?revision=23","title":"Janibasha_0-1692676635992.png","associationType":"BODY","width":3674,"height":1395,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOThpQzlDRDAxNzAzQzY4N0MyQw?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOThpQzlDRDAxNzAzQzY4N0MyQw?revision=23","title":"available-lambdas.JPG","associationType":"BODY","width":3825,"height":674,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTlpQUE2OTA1RDkxNjFFRTQyNQ?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTlpQUE2OTA1RDkxNjFFRTQyNQ?revision=23","title":"lambda-details.JPG","associationType":"BODY","width":3603,"height":1751,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDNpN0VBQ0RFOURBNzFGQkI5Qg?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDNpN0VBQ0RFOURBNzFGQkI5Qg?revision=23","title":"Screen Shot 2022-10-20 at 12.01.14 PM.png","associationType":"BODY","width":1518,"height":289,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDRpRTBFMDFBQTFGNTBGNDQwNw?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDRpRTBFMDFBQTFGNTBGNDQwNw?revision=23","title":"Screen Shot 2022-10-20 at 12.04.24 PM.png","associationType":"BODY","width":414,"height":237,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDVpN0JBQjczQjNGNEVBOTNCNw?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDVpN0JBQjczQjNGNEVBOTNCNw?revision=23","title":"Screen Shot 2022-10-20 at 12.07.04 PM.png","associationType":"BODY","width":919,"height":193,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDdpMUMwREZGQzBGNjAwRTZGOA?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDdpMUMwREZGQzBGNjAwRTZGOA?revision=23","title":"Screen Shot 2022-10-20 at 2.33.29 PM.png","associationType":"BODY","width":1512,"height":535,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDhpRkY1RTBCNjQxQjcwNTJBRQ?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDhpRkY1RTBCNjQxQjcwNTJBRQ?revision=23","title":"Screen Shot 2022-10-24 at 2.46.25 PM.png","associationType":"BODY","width":1162,"height":651,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjU0MDBpNUQzNzY5MUNGNzVBRkE2MA?revision=23\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjU0MDBpNUQzNzY5MUNGNzVBRkE2MA?revision=23","title":"bd-monitor.JPG","associationType":"BODY","width":2548,"height":2017,"altText":null},"TkbTopicMessage:message:303203":{"__typename":"TkbTopicMessage","subject":"F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions","conversation":{"__ref":"Conversation:conversation:303203"},"id":"message:303203","revisionNum":23,"uid":303203,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:275378"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":9599},"postTime":"2022-11-01T09:00:00.034-07:00","lastPublishTime":"2023-08-24T09:41:25.269-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n In this article, I will show you how to easily protect your AWS CloudFront distributions with F5 Distributed Cloud (XC) Bot Defense. We will take advantage of AWS Lambda@Edge and the AWS Serverless Application Repository (SAR) to integrate with the F5 XC Bot Defense API. \n Amazon CloudFront is a content delivery network (CDN) operated by Amazon Web Services. Content delivery networks provide a globally-distributed network of proxy servers that cache content, such as web videos or other bulky media, more locally to consumers, thus improving access speed for downloading the content. \n F5's Distributed Cloud Bot Defense combined with Amazon's CloudFront to protect your vital applications from malicious traffic is an effective and robust solution. \n \n General Overview of Architecture \n \n Create a new Bot Defense application for AWS CloudFront \n \n Log in to your F5 Distributed Cloud Console \n Go to the Dashboard page of XC console and click Bot Defense \n \n Verify you are in the correct Namespace. Click Add Application at the top-left of the page. \n \n \n Add a Name for the Application, and a Description. \n Select a region (US, EMEA, or APJC). \n For Connector Type, select AWS CloudFront. \n \n \n Once AWS CloudFront is selected, options appear to configure AWS reference details. \n Add AWS Reference Information \n \n Enter your AWS 12-digit Account Number. \n Specify your AWS Configuration and add your CloudFront distribution; a Distribution ID and/or a Distribution Tag. You can add one or more distributions. This information is needed to associate your newly created protected application to your AWS distribution(s). \n \n \n Add Protected Endpoints \n \n Click Configure to define your protected endpoints. \n \n \n \n Click Add Item \n Enter a name and a description to the specific endpoint. \n Specify the Domain Matcher. You can choose any domain or specify a specific host value. \n Specify the Path to the endpoint (such as /login). \n Choose the HTTP Methods for which request will be analyzed by Bot Defense. Multiple methods can be selected. \n Select the Client type that will access this endpoint (Web Client). \n Select the Mitigation action to be taken for this endpoint:\n \n Continue (request continues to origin) \n Redirect. Provide the appropriate Status Code and URI \n Block. Provide the Status Code, Content Type, and Response message \n \n \n When done configuring the endpoint, click Apply. \n To continue, click Apply at the bottom of the page. \n \n \n Define Continue Global Mitigation Action \n The Header Name for Continue Mitigation Action field is the header that is added to the request when the Continue mitigation action is selected and Add A Header was selected in the endpoint mitigation configuration screen. \n \n Define Web Client JavaScript Insertion Settings \n \n JS Location - Choose the location where to insert the JS in the code: \n \n \n \n Just After <head> tag. \n Just After </title> tag. \n Right Before <script> tag. \n \n \n \n Under Java Script Insertions. Select Configure. \n \n owing Javascript insertion menu \n \n Click Add Item \n Add the Web Client JavaScript Path. You should select paths to HTML pages that end users are likely to visit before they browse to any protected endpoint. \n Click Apply \n Click Save & Exit to save your protected application configuration. \n \n \n \n Download Config File and AWS Installer Tool \n In the Actions column of the table, click the 3 ellipses (…) on your application. Download both the Config File and the AWS Installer. \n \n \n Log in to your AWS Console \n \n Login to AWS Console home page. \n Select AWS Region Northern Virginia (US-EAST-1). \n \n \n \n Use the search to find Serverless Application Repository and click it \n Click Available Applications and search with \"F5\" \n Click the F5BotDefense tile This will take you to the Lambda page. Here you will be creating and deploying a Lambda Function \n \n \n Click Deploy to install the F5 Connector for CloudFront Deploying the F5 Connector creates a new Lambda Application in your AWS Account. AWS sets the name of the new Lambda Application to start with serverlessrepo-. The deployment can take some time. It is complete when you see the serverlessrepo-F5BotDefense-* of type Lambda Function. \n \n \n You can click on the name to review contents of the installed Lambda Function. \n n details \n \n Switch to AWS CloudShell \n Configuration of the F5 Connector in AWS is best done via the F5 CLI tool. It is recommended to use the AWS CloudShell in us-east-1 region to avoid any issues. \n \n After starting AWS CloudShell, click Actions and Upload file. \n \n \n \n Upload the files you downloaded from the F5 XC Console, config.json and f5tool. (Only one file at a time can be uploaded) \n \n \n \n Run bash f5tool --install <config.json>. Installation can take up to 5 minutes. Note: Copy pasting the command may not work and so type it manually. \n \n \n The installation tool saves the previous configuration of each CloudFront Distribution in a file. You can use the F5 tool to restore a saved Distribution config (thus removing F5 Bot Defense). \n Note: Your F5 XC Bot Defense configuration, such as protected endpoints, is sensitive security info and is stored in AWS Secrets Manager. You should delete config.json after CLI installation. \n \n Validate CloudFront Distribution Functions \n \n Navigate to CloudFront > Distributions and select the distribution you are protecting. \n Then go to Behaviors \n \n \n \n Here under Behaviors are where you specify which request/response is forwarded to the Lambda@Edge Function to process with F5 XC Bot Defense. \n \n F5 XC Bot Defense requires us to leverage Viewer Request and Origin Request events. \n These events need to be available for user to use (IE they have not assigned other Functions) \n \n The AWS Installer tool that we downloaded from Distributed Cloud Console and ran in the AWS CloudShell configured this for us. \n \n \n AWS CloudWatch \n AWS CloudWatch contains logs for Lambda function deployed by F5BotDefense serverless application. \n \n The Log group name starts with /aws/lambda/us-east-1.serverlessrepo-F5BotDefense-F5BotDefense-*. \n The logs of lambda function can be found in the region closest to the location where the function executed. \n \n For troubleshooting, look for error messages contained in the links under Log steams. \n \n View Bot Traffic \n Now let’s return to F5 XC Console and show the monitoring page. \n \n Log in to your F5 Distributed Cloud Console \n Go to the Dashboard page of XC console and click Bot Defense. \n \n Make sure you are in the correct Namespace \n Under Overview click Monitor \n \n Here you can monitor and respond to events that are identified as Bot traffic. \n \n Conclusion \n That is all that is required to deploy F5 XC Bot Defense to protect your AWS Cloud Front distributions from mailicious bots protecting yourself from fraud and abuse. \n \n Related Articles: \n \n An overview of F5 Distributed Cloud Bot Defense \n How to easily protect your BIG-IP applications using F5's Distributed Cloud Bot Defense with iApps \n How to easily protect your BIG-IP applications using F5's Distributed Cloud Bot Defense, natively \n \n \n Related Video: \n \n Get Started: \n \n F5 Distributed Cloud Services \n F5 Distributed Cloud Bot Defense \n \n \n Brightboard Lesson \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"7610","kudosSumWeight":7,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyMjFpQzFFNDBCMTlDREI5RjRBRQ?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODVpMjkyOUY2MDEwMkEwMTIwQg?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODZpNkY5RjQ4NThDNTYzNjEzMw?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODdpRUVGQUIzMDU2MkU5QjNBNA?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODhpNkZFNEMwMTM1MTc1NDVEQw?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzODlpRkRGRDAxQUI1RDZFRUI0NQ?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTFpOERCMTk2NUE4RDE5QUJCRA?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTJpNTY0MDNEN0FBODY2RTYzNw?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTNpMTI3NTQwOEI2RTk5ODE0Mw?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTRpMUE4NDMzNTQxRjFBQTI5Mg?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyMzdpRUU4M0RCMjM2OEZBQzgzRA?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjU0NDBpMjI5MDAzMjczODQxNDZGNg?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOThpQzlDRDAxNzAzQzY4N0MyQw?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjUzOTlpQUE2OTA1RDkxNjFFRTQyNQ?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDNpN0VBQ0RFOURBNzFGQkI5Qg?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDRpRTBFMDFBQTFGNTBGNDQwNw?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDVpN0JBQjczQjNGNEVBOTNCNw?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxOA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDdpMUMwREZGQzBGNjAwRTZGOA?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxOQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjAyNDhpRkY1RTBCNjQxQjcwNTJBRQ?revision=23\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMyMDMtMjU0MDBpNUQzNzY5MUNGNzVBRkE2MA?revision=23\"}"}}],"totalCount":20,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3d3dy55b3V0dWJlLmNvbS93YXRjaD92PVFfNTk4YXE2UkhJfDB8MjU7MjV8fA","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://www.youtube.com/watch?v=Q_598aq6RHI","thumbnail":"https://i.ytimg.com/vi/Q_598aq6RHI/hqdefault.jpg","uploading":false,"height":225,"width":400,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:312537":{"__typename":"Conversation","id":"conversation:312537","topic":{"__typename":"TkbTopicMessage","uid":312537},"lastPostingActivityTime":"2023-04-13T05:00:00.034-07:00","solved":false},"User:user:71571":{"__typename":"User","uid":71571,"login":"AaronJB","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03MTU3MS03eU8wS1o?image-coordinates=4%2C0%2C587%2C583"},"id":"user:71571"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTI1MzctMjMxNDdpOThENkFDRDUxQUY4RkMyRQ?revision=2\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTI1MzctMjMxNDdpOThENkFDRDUxQUY4RkMyRQ?revision=2","title":"Request Smuggling Example cropped.jpg","associationType":"BODY","width":1125,"height":285,"altText":null},"TkbTopicMessage:message:312537":{"__typename":"TkbTopicMessage","subject":"HTTP Request Smuggling, what it is, how to find it and how to stop it","conversation":{"__ref":"Conversation:conversation:312537"},"id":"message:312537","revisionNum":2,"uid":312537,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:71571"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" An overview of how the HTTP protocol operates and a dive into how the protocol enables request smuggling with example outcomes and suggested mitigations using F5 products and services ","introduction":"","metrics":{"__typename":"MessageMetrics","views":9500},"postTime":"2023-04-13T05:00:00.034-07:00","lastPublishTime":"2023-04-13T05:00:00.034-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n This is a complex topic filled with nuance and... wait, that will put you all off. Let me start again: \n \n HTTP Request Smuggling is a big topic if we want to discuss all the many ways it can be exploited, but if we stick to first principles it can be broken down quite simply and that’s what I’d like to do here – give you a primer on Request Smuggling and then some additional reading resources if you want to really dive into the topic. If there is interest after that, perhaps I’ll try and put my own spin on some of the details. Deal? Right, onward! \n Pre-requisites \n As the name implies, if you want to understand HTTP Request Smuggling, first you need to understand at least the basics of HTTP as a protocol – and we’re going to concentrate on HTTP/1.x here because although HTTP/2 is susceptible to similar attacks the underlying protocol is very different and trying to introduce both here will really muddy the waters! \n \n So, if you don’t already know HTTP well, you’re going to at least need to know the basic anatomy of an HTTP request – not all the bells and whistles but at least that there is a request line which contains the method (GET, POST etc.), the resource (usually a URI like “/index.html”) and the protocol version (e.g., HTTP/1.1) followed by zero or more headers and an optional message body. Crucially, you need to remember that each of those lines is terminated by a CRLF (Carriage Return / Line Feed or 0x0d0x0a hex) pair. \n \n Handily, my colleague JRahm has already written an entire series on HTTP and the important bit for our purposes is in Part III, Terminology. \n \n I also need to you keep in mind that at its birth, HTTP was envisioned as a one-request-per-connection kind of protocol - the client and server would have to, in a serial fashion, request each resource they needed in a new TCP connection. This was fine when pages were simple text or perhaps text with one or two other resources like pictures, but as pages ballooned in size and began pulling in tens or dozens of additional resources this quickly became a limiting factor in performance and, thus, the Keep-Alive header (HTTP/1.0) was introduced and ultimately made the default behavior (HTTP/1.1) allowing browsers to use one TCP connection to request many resources. \n \n Further complicating matters, HTTP Pipelining was introduced which allowed browsers to request multiple resources before the server has had chance to return any; let’s say the browser requests the HTML and realizes it needs the CSS, five images and the contents of an iFrame, it can go ahead and request all of those objects at the same time and then let the server return them at its leisure, all via one TCP connection. \n \n You can read more about Keep-Alive behavior and HTTP Pipelining in Lori_MacVittie's excellent article from 2009, HTTP Pipelining: A security risk without real performance benefits, but even with my 5000ft overview I think you can see how HTTP, given it is a text protocol and the flow control is entirely based on CRLF pairs, is getting quite complex.. and complex protocols are prone to RFC interpretation problems. \n RFC interpretation problems? \n Aren’t RFCs the gold-standard of documentation, you might ask, defining exactly how support for a technology should be implemented? \n \n Well yes, but also no. Yes, they are the gold standard, they do define how a technology or protocol should be implemented at a high level, but if you’ve ever tried to read one you will know that they are also littered with the words “MAY” and “SHOULD” along with endless cross-references to other RFCs. \n \n Every time there is a “MAY” or “SHOULD”, precise implementation is open for interpretation and not every software developer is going to interpret the instruction the same way, and that is just the obvious example! There are plenty of places where a “MUST” is interpreted incorrectly, or where a software vendor is forced to accommodate some non-RFC compliant behavior on the part of another piece of software (say a proxy vendor might have to accommodate non-compliant browsers or servers as was extremely common back in the dark ages of the Internet .. three weeks ago). \n \n RFCs are also often huge – RFC2068 (HTTP/1.1) is 162 pages, for example. Now bear in mind that RFC2068 was obsoleted by RFC2616 which is 176 pages, which was subsequently obsoleted by RFC7230 (88 pages), RFC7231 (100 pages), RFC7232 (27 pages), RFC7233 (24 pages), RFC7234 (42 pages) and RFC7235 (18 pages) for a total of 299 pages and that these were subsequently obsoleted by RFC9110 which says “This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.” \n \n So, when we say “HTTP/1.1” we aren’t even talking about a single “standard” but many, interrelated in complex ways. \n \n All of this adds up to mean that not everyone is implementing any given RFC in the same way... there are disagreements. \n Get to the smuggling already! \n OK, ok. \n \n HTTP Request Smuggling is a principle by which we can smuggle, or hide, a malicious request within an innocent one such that we either directly or indirectly manipulate back-end resources. \n \n It is a technique made possible because of both the complexity of HTTP as a protocol, the differing implementations of it, and the fact that modern deployments often layer two or more HTTP “servers” atop each other to proxy requests from clients through to different back-end resources. The modern web has come a long way from Netscape Navigator sending a single request per connection to an Apache 1.0 webserver! \n \n So how does it work? \n \n The HTTP RFC provides clients with two mutually exclusive ways to tell a server how much data the client is sending: Transfer-Encoding and Content-Length. \n \n Content-Length is the easiest to understand, it is simply the number of bytes of body content being sent with the request, for example: \n POST /login.php HTTP/1.1 Host: www.example.com Content-Type: application/x-www-form-urlencoded Content-Length: 30 user=test&password=password123 \n \n Transfer-Encoding, on the other hand, allows the client to specify “chunked encoding” which allows the client to start sending data even if the client doesn’t know yet how long the body content is going to be (perhaps the data is being streamed from somewhere). The body data in this case is sent in multiple chunks with each chunk containing the chunk size and the chunk data, with the end of the data signified by a chunk with no data and a size of 0, for example: \n POST /login.php HTTP/1.1 Host: www.example.com Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 1E user=test&password=password123 0 \n \n If you weren’t aware that a client could send a chunked request you are not alone – it is rarely seen in requests sent by browsers and is much more common in server responses, but it is valid for requests. \n \n Right, that all seems rigidly defined, so where is the problem? Except this wasn’t exactly clearly spelled out until RFC7230 in 2014, which added: \n A sender MUST NOT send a Content-Length header field in any message that contains a Transfer-Encoding header field. \n Along with: \n If a message is received with both a Transfer-Encoding and a Content-Length header field, the Transfer-Encoding overrides the Content-Length. Such a message might indicate an attempt to perform request smuggling (Section 9.5) or response splitting (Section 9.4) and ought to be handled as an error. A sender MUST remove the received Content-Length field prior to forwarding such a message downstream. \n \n Perhaps because of this late addition, not all servers agree on how they should handle a request containing both a Content-Length and Transfer-Encoding header; do they treat it as a chunked request, or do they treat it as a fixed-length request? If you have multiple servers in your stack, proxying requests from one server to the next, and they don’t agree on which header takes precedence then you have potential for a Request Smuggling attack. \n A short practical example \n I’m just going to give two examples here and then provide you with some further reading if you want to dive deeper and find all of the other ways requests can be smuggled. \n \n In this first example you have a front-end server which respects the Content-Length header and ignores the Transfer-Encoding header (when both are present) and a back-end server which respects the Transfer-Encoding header: \n POST /login.php HTTP/1.1 Host: vulnerable.example.com Content-Length: 41 Transfer-Encoding: chunked 0 GET /protectedresource.html HTTP/1.1 \n \n To you, the reader, this probably looks like two pipelined requests, however if the front-end server respects the Content-Length then it assumes this entire payload is one request through to the end of “HTTP/1.1” after the GET. Meanwhile, if the back-end server respects only the Transfer-Encoding header it will see this as two requests; the first a POST for /login.php and the second is the start of a GET to some /protectedresource.html lacking the rest of the request. \n \n So, what’s the problem? The second request (from the back-end server’s perspective) is incomplete, so the server will then waits for the rest of the request. If we send another request quickly enough, there’s a chance (depending on how the front-end server handles connection pooling) that our next request will be attached to the end of that partial smuggled request. If the back-end server assumes that the front-end checked to see whether we were able to request /protectedresource.html and doesn’t check itself, then it’s quite possible we’ll get access to a page we shouldn’t be able to access (regardless of whether our first POST to /login.php succeeded or not). \n \n Graphed out, it would look something like this; the attacker’s POST to /login.php is coloured blue with the smuggled GET to /protectedresource.html coloured green, the subsequent GET to /favicon.ico used to recover the response to our smuggled GET is orange: \n \n \n In our second example, the front-end server respects the Transfer-Encoding header while the back-end server respects the Content-Length header and our attack might look like this: \n POST /login.php HTTP/1.1 Host: vulnerable.example.com Content-Length: 4 Transfer-Encoding: chunked 24 GET /protectedresource.html HTTP/1.0 0 \n \n Here the front-end server is going to handle the entire request as though it has a chunked body containing 36 bytes (24 in hex) of content meaning it will most likely ignore the smuggled request entirely (proxies, aside from Web Application Firewalls, aren’t in the habit of inspecting request body content), while the back-end server will treat the POST as though it has 4 bytes of request body (which would be just “24” followed by the CRLF) and will potentially treat the GET as a second request. Once again, we might be able to accomplish the same as in our first scenario and sneak a request for a protected resource through to the back-end and get the results back. \n \n In both examples there is another ‘successful’ scenario in which a legitimate user is the next person to send a request and it is their request which gets ‘glued’ to the end of our smuggled partial request. In that scenario the legitimate user will get a response for something they didn’t request (/protectedresource.html, in our example). What use is that you might ask? Well, if we can manipulate the responses served to a legitimate client then we can attempt attacks like cache poisoning and response header manipulation against unsuspecting users as well as the previously described attack. \n But wait, there’s more! \n There are more variations than just the two I’ve described so far; things like Transfer-Encoding confusion, HTTP/2 variants of the same attack, browser-powered request smuggling and so on, so if you’d like to do some further reading here are a few resources I consider authoritative on the matter: \n \n HTTP Request Smuggling by Chaim Linhart, Amit Klein, Ronen Heled and Steve Orrin (PDF) \n Portswigger on “What is request smuggling” \n Portswigger on “Browser-powered request smuggling” \n \n What do I do to protect myself? \n Ideally, you want to ensure that everything in your stack rigidly enforces RFCs in exactly the same way. Unfortunately, back in the real world, that is almost impossible.. \n \n If you are using BIG-IP LTM 15.0.1.1 or later (and you should be!), enable the “Enforce RFC Compliance” feature in the HTTP profile (off by default for legacy compatibility with non-compliant clients and servers, of which we still see quite a few); in early versions this option is set globally using a DB key. See K50375550 for more information. \n \n If you have it, deploy BIG-IP ASM in your proxy stack, and ensure you have policies in blocking mode with appropriate settings (also described in K50375550). \n \n If you are using HTTP/2 on the front end and proxying to HTTP/1.x, check out K27144609 – the highlights are, again, ensure you’ve deployed BIG-IP ASM in the stack and that you are running up-to-date F5 software. \n \n You could, of course, turn to a service like F5 Distributed Cloud where such proxy protections can be implemented as part of a SaaS stack, rather than deployed locally. \n \n Once all that is taken care of I suggest reading Portswiggers advice for finding request smuggling vulnerabilities and/or employing the services of a reputable penetration tester who is familiar with the technique and then use the technologies in your stack to address any specific concerns raised as a part of that engagement. \n \n That's all for now and I hope you found that useful - let me know if you'd like me to dive into any specific areas! \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"13992","kudosSumWeight":6,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMTI1MzctMjMxNDdpOThENkFDRDUxQUY4RkMyRQ?revision=2\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:292576":{"__typename":"Conversation","id":"conversation:292576","topic":{"__typename":"TkbTopicMessage","uid":292576},"lastPostingActivityTime":"2023-04-10T13:16:45.752-07:00","solved":false},"User:user:129415":{"__typename":"User","uid":129415,"login":"KevinGallaugher","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xMjk0MTUtNU4zOHUz?image-coordinates=0%2C0%2C360%2C360"},"id":"user:129415"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMjM0MTVpQUQwNUEwNDRFMzAxRjY0RQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMjM0MTVpQUQwNUEwNDRFMzAxRjY0RQ?revision=10","title":"DCCover-_0004_ali-zahdhan-WpU9j-_FeYk-unsplash.jpg","associationType":"COVER","width":500,"height":500,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=10","title":"f5xclogo.png","associationType":"BODY","width":100,"height":103,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3MzlpOEY4OEYxNEZCOTVCNjE3MA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3MzlpOEY4OEYxNEZCOTVCNjE3MA?revision=10","title":"Screen Shot 2022-02-14 at 1.26.03 PM.png","associationType":"BODY","width":792,"height":579,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3MzdpN0I2ODc5QUU1NThDRDJERQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3MzdpN0I2ODc5QUU1NThDRDJERQ?revision=10","title":"Screen Shot 2022-02-14 at 1.49.09 PM.png","associationType":"BODY","width":1145,"height":476,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDBpNUIyNkJFQ0U4N0FBNzBGMg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDBpNUIyNkJFQ0U4N0FBNzBGMg?revision=10","title":"Screen Shot 2022-02-14 at 1.52.49 PM.png","associationType":"BODY","width":528,"height":739,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDFpQjU0MjI0RjRDNzkyNzM4Mw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDFpQjU0MjI0RjRDNzkyNzM4Mw?revision=10","title":"Screen Shot 2022-02-14 at 2.07.21 PM.png","associationType":"BODY","width":1121,"height":82,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDJpNjgzQkJDN0IxMThCNkU5QQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDJpNjgzQkJDN0IxMThCNkU5QQ?revision=10","title":"Screen Shot 2022-02-14 at 2.09.39 PM.png","associationType":"BODY","width":579,"height":212,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDNpQUY3REM5QTNBRTUzQzczMQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDNpQUY3REM5QTNBRTUzQzczMQ?revision=10","title":"Screen Shot 2022-02-14 at 2.22.13 PM.png","associationType":"BODY","width":767,"height":519,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDRpNTFCNzQ3RkFBRTIwQzQ1RA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDRpNTFCNzQ3RkFBRTIwQzQ1RA?revision=10","title":"Screen Shot 2022-02-14 at 2.24.38 PM.png","associationType":"BODY","width":1128,"height":366,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDVpNTg0RDNCQTdBNDA1QjM5MA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDVpNTg0RDNCQTdBNDA1QjM5MA?revision=10","title":"Screen Shot 2022-02-14 at 2.58.19 PM.png","associationType":"BODY","width":566,"height":563,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDZpNTg0RjFGMkJDRjM5N0ZEQg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDZpNTg0RjFGMkJDRjM5N0ZEQg?revision=10","title":"Screen Shot 2022-02-14 at 3.02.26 PM.png","associationType":"BODY","width":494,"height":462,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDhpQjEyOEQzNDM4QUU1MTJCRA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDhpQjEyOEQzNDM4QUU1MTJCRA?revision=10","title":"Screen Shot 2022-02-14 at 3.19.36 PM.png","associationType":"BODY","width":408,"height":344,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDlpQkIxQUVFQjA4MjZBRjgxOQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDlpQkIxQUVFQjA4MjZBRjgxOQ?revision=10","title":"Screen Shot 2022-02-14 at 3.25.52 PM.png","associationType":"BODY","width":1404,"height":552,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTBpNzE4NDFEOTlCMzlCMjFFNA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTBpNzE4NDFEOTlCMzlCMjFFNA?revision=10","title":"Screen Shot 2022-02-14 at 3.30.56 PM.png","associationType":"BODY","width":1133,"height":181,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTFpMzEyRDJEQzlBRThCQkNCNQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTFpMzEyRDJEQzlBRThCQkNCNQ?revision=10","title":"Screen Shot 2022-02-14 at 3.33.36 PM.png","associationType":"BODY","width":1090,"height":361,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTJpMDg4MjE0M0Q4NjY4NDBGQg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTJpMDg4MjE0M0Q4NjY4NDBGQg?revision=10","title":"Screen Shot 2022-02-14 at 3.39.14 PM.png","associationType":"BODY","width":623,"height":275,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTNpOTgzODkyNkM4NUE2NzQ5Ng?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTNpOTgzODkyNkM4NUE2NzQ5Ng?revision=10","title":"Screen Shot 2022-02-14 at 3.40.42 PM.png","associationType":"BODY","width":677,"height":319,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTRpQkRFM0Y1MjczNzUxNzY0NQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTRpQkRFM0Y1MjczNzUxNzY0NQ?revision=10","title":"Screen Shot 2022-02-14 at 3.43.53 PM.png","associationType":"BODY","width":622,"height":292,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTVpOTEwMTVFMzA0NjUxNjYwRA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTVpOTEwMTVFMzA0NjUxNjYwRA?revision=10","title":"Screen Shot 2022-02-14 at 3.47.15 PM.png","associationType":"BODY","width":1100,"height":231,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTZpNTc1MjdFNTY3MDREQjAxNA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTZpNTc1MjdFNTY3MDREQjAxNA?revision=10","title":"Screen Shot 2022-02-14 at 3.48.34 PM.png","associationType":"BODY","width":1100,"height":358,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTdpREUwM0Y3NkE3RDlBN0YyQw?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTdpREUwM0Y3NkE3RDlBN0YyQw?revision=10","title":"Screen Shot 2022-02-14 at 3.50.00 PM.png","associationType":"BODY","width":1123,"height":373,"altText":null},"TkbTopicMessage:message:292576":{"__typename":"TkbTopicMessage","subject":"F5 Distributed Cloud L3-L7 DDoS Mitigation","conversation":{"__ref":"Conversation:conversation:292576"},"id":"message:292576","revisionNum":10,"uid":292576,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:129415"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" In this article you will learn how simple it is to use F5 Distributed Cloud to protect your application from DDoS attacks. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":9299},"postTime":"2022-03-01T09:00:00.021-08:00","lastPublishTime":"2023-04-10T13:16:45.752-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Introduction \n In this article you will learn how simple it is to use F5 Distributed Cloud to protect your application from DDoS attacks. Some of the benefits of using F5 Distributed Cloud DDoS Mitigation are: \n \n Ensure application and network availability during DDoS attacks \n Block the malicious traffic while allowing the good, ensuring a good user experience for applications and services \n Identify and mitigate sophisticated Layer 7 DoS attacks that exploit application & infrastructure weaknesses \n Block the attack where it originates with a global backbone and distributed DoS mitigation technology \n Protect small facility and cloud-based applications and services with DNS-based redirection \n \n \n \"Nature is a mutable cloud, which is always and never the same.\" - Ralph Waldo Emerson \n We might not wax that philosophically around here, but our heads are in the cloud nonetheless! Join the F5 Distributed Cloud user group today and learn more with your peers and other F5 experts. \n \n Layer 3/4 DDoS Mitigation is enabled by default and requires no configuration. \n DDoS Mitigation is included with the F5 Distributed Cloud service. \n Configuring F5 Distributed Cloud DDoS Mitigation \n From the F5 Distributed Cloud Console select Load Balancers to begin. \n \n For this article let’s assume you have configured a very basic HTTP Load Balancer named “my-web-app”. On the right under Actions click the 3 dots and select Manage Configuration. \n \n \n \n \n \n The Basic Configuration shows the Domain name, “mydomain.com” in this example. The Load Balancer is configured as HTTPS with Automatic Certificate and an HTTP redirect to HTTPS. TLS security is set to High. \n \n \n Under Security Configuration you may need to scroll down and toggle the Show Advanced Fields button to On to view the DDoS configuration. \n \n \n Scroll down to ML Config and select Single Load Balancer Application. \n \n \n Disable API Discovery. \n \n \n Scroll to the bottom and click Save and Exit. \n \n \n The application is now protected from Layer 7 DDoS attacks. \n How to know when a DDoS attack occurs? \n Security Events will be generated when a DDoS attack occurs. This can be viewed from the Security Monitoring Dashboard. \n \n \n Select the DDoS Dashboard to view a geographical map that shows the location off the affected application. \n \n Expand the DDoS Events for more detail. Under Metric we can see that Error Rate and Request Rate were triggered. Make a note of the Suspicious Users IP address so it can be blocked. \n \n How to mitigate attacks? \n Go back to Manage > Load Balancers. Click the 3 dots under Actions and select Manage Configuration. \n \n \n Click Edit Configuration on the top right. \n \n \n Scroll down under Security Configuration. Find the DDoS Mitigation Rules and click Configure. \n \n Click Add item. \n \n Give it a name, “block-by-ip” in this example. \n \n Under Mitigation Choice > IP Source enter the IP prefixes you want to block. \n \n Note: IP address 1.2.3.4 is only being used as an example. 1.2.3.0/24 notations can be used to block entire subnets. \n Click Add item at the bottom. \n \n Then click Apply. \n \n Scroll to the bottom and click Save and Exit. \n \n The attacking client has been blocked and will no longer trigger DDoS Events. \n Conclusion \n In this article you learned how to enable and configure L7 DDoS Mitigation with the F5 Distributed Cloud. We also went over the monitoring of Security Events and what to do if a DDoS attack is detected. \n For further information or to get started: \n \n F5 Distributed Cloud WAAP YouTube series (Link) \n F5 Distributed Cloud WAAP Services (Link) \n F5 Distributed Cloud WAAP Get Started (Link) \n \n Tag: F5 XC DDoS Mitigation \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"3844","kudosSumWeight":4,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMjM0MTVpQUQwNUEwNDRFMzAxRjY0RQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3MzlpOEY4OEYxNEZCOTVCNjE3MA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3MzdpN0I2ODc5QUU1NThDRDJERQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDBpNUIyNkJFQ0U4N0FBNzBGMg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDFpQjU0MjI0RjRDNzkyNzM4Mw?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDJpNjgzQkJDN0IxMThCNkU5QQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDNpQUY3REM5QTNBRTUzQzczMQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDRpNTFCNzQ3RkFBRTIwQzQ1RA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDVpNTg0RDNCQTdBNDA1QjM5MA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDZpNTg0RjFGMkJDRjM5N0ZEQg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDhpQjEyOEQzNDM4QUU1MTJCRA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NDlpQkIxQUVFQjA4MjZBRjgxOQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTBpNzE4NDFEOTlCMzlCMjFFNA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTFpMzEyRDJEQzlBRThCQkNCNQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTJpMDg4MjE0M0Q4NjY4NDBGQg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTNpOTgzODkyNkM4NUE2NzQ5Ng?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxOA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTRpQkRFM0Y1MjczNzUxNzY0NQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxOQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTVpOTEwMTVFMzA0NjUxNjYwRA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTZpNTc1MjdFNTY3MDREQjAxNA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wyMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTI1NzYtMTY3NTdpREUwM0Y3NkE3RDlBN0YyQw?revision=10\"}"}}],"totalCount":21,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:306550":{"__typename":"Conversation","id":"conversation:306550","topic":{"__typename":"TkbTopicMessage","uid":306550},"lastPostingActivityTime":"2025-01-15T10:02:24.982-08:00","solved":false},"User:user:242856":{"__typename":"User","uid":242856,"login":"MichaelOLeary","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yNDI4NTYtMjA2NzVpMjAwQzU1OUQzMEFFMDM2RQ"},"id":"user:242856"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE5MzdpMDUxQjQzRTRDMTIyRTZFNQ?revision=68\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE5MzdpMDUxQjQzRTRDMTIyRTZFNQ?revision=68","title":"k8s.jpg","associationType":"COVER","width":500,"height":500,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE1MDZpNjFFNDAwMzE1RkI2MTAwQQ?revision=68\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE1MDZpNjFFNDAwMzE1RkI2MTAwQQ?revision=68","title":"k8s-arch-options.png","associationType":"BODY","width":699,"height":263,"altText":"k8s-arch-options.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjEzMzNpQjkyNDZCQjVGMzc1RUQ0MQ?revision=68\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjEzMzNpQjkyNDZCQjVGMzc1RUQ0MQ?revision=68","title":"secure-k8s-gw.PNG","associationType":"BODY","width":2508,"height":1201,"altText":"secure-k8s-gw.PNG"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjEzMzZpNUNEOUUzOUMxNEFCOTI2NQ?revision=68\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjEzMzZpNUNEOUUzOUMxNEFCOTI2NQ?revision=68","title":"k8s-site.PNG","associationType":"BODY","width":2518,"height":1183,"altText":"k8s-site.PNG"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE1NzFpQUQ1NUIyM0U2MDcyMEMyOQ?revision=68\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE1NzFpQUQ1NUIyM0U2MDcyMEMyOQ?revision=68","title":"vk8s.PNG","associationType":"BODY","width":2165,"height":1284,"altText":"vk8s.PNG"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE1OTBpMkMwRDFFNTcxNjI1NUQ4Qg?revision=68\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE1OTBpMkMwRDFFNTcxNjI1NUQ4Qg?revision=68","title":"mk8s.PNG","associationType":"BODY","width":2359,"height":1339,"altText":"mk8s.PNG"},"TkbTopicMessage:message:306550":{"__typename":"TkbTopicMessage","subject":"Kubernetes architecture options with F5 Distributed Cloud Services","conversation":{"__ref":"Conversation:conversation:306550"},"id":"message:306550","revisionNum":68,"uid":306550,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:242856"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":9211},"postTime":"2023-01-11T09:22:19.033-08:00","lastPublishTime":"2025-01-15T10:02:24.982-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Summary \n F5 Distributed Cloud Services (F5 XC) can both integrate with your existing Kubernetes (K8s) clusters and/or host a K8s workload itself. Within these distinctions, we have multiple architecture options. This article explores four major architectures in ascending order of sophistication and advantages. \n \n Architecture #1: External Load Balancer (Secure K8s Gateway) \n Architecture #2: CE as a pod (K8s site) \n Architecture #3: Managed Namespace (vK8s) \n Architecture #4: Managed K8s (mK8s) \n \n Kubernetes Architecture Options \n As K8s continues to grow, options for how we run K8s and integrate with existing K8s platforms continue to grow. F5 XC can both integrate with your existing K8s clusters and/or run a managed K8s platform itself. Multiple architectures exist within these offerings too, so I was thoroughly confused when I first heard about these possibilities. \n A colleague recently laid it out for me in a conversation: \n \"Michael, listen up: XC can either integrate with your K8s platform, run inside your K8s platform, host virtual K8s (Namespace-aaS), or run a K8s platform in your environment.\" I replied, \"That's great. Now I have a mental model for differentiating between architecture options.\" \n This article will overview these architectures and provide 101-level context: when, how, and why would you implement these options? \n Side note 1: F5 XC concepts and terms \n F5 XC is a global platform that can provide networking and app delivery services, as well as compute (K8s workloads). We call each of our global PoP's a Regional Edge (RE). RE's are highly meshed to form the backbone of the global platform. They connect your sites, they can expose your services to the Internet, and they can run workloads. This platform is extensible into your data center by running one or more XC Nodes in your network, also called a Customer Edge (CE). A CE is a compute node in your network that registers to our global control plane and is then managed by a customer as SaaS. \n The registration of one or more CE's creates a customer site in F5 XC. A CE can run on a hypervisor (VMWare/KVM/Etc), a Hyperscaler (AWS, Azure, GCP, etc), baremetal, or even as a k8s pod, and can be deployed in HA clusters. \n XC Mesh functionality provides connectivity between sites, security services, and observability. Optionally, in addition, XC App Stack functionality allows a large and arbitrary number of managed clusters to be logically grouped into a virtual site with a single K8s mgmt interface. So where Mesh services provide the networking, App Stack services provide the Kubernetes compute mgmt. Our first 2 architectures require Mesh services only, and our last two require App Stack. \n Side note 2: Service-to-service communication \n I'm often asked how to allow services between clusters to communicate with each other. This is possible and easy with XC. Each site can publish services to every other site, including K8s sites. This means that any K8s service can be reachable from other sites you choose. And this can be true in any of the architectures below, although more granular controls are possible with the more sophisticated architectures. I'll explore this common question more in a separate article. \n Architecture 1: External Load Balancer (Secure K8s Gateway) \n In a Secure Kubernetes Gateway architecture, you have integration with your existing K8s platform, using the XC node as the external load balancer for your K8s cluster. In this scenario, you create a ServiceAccount and kubeconfig file to configure XC. The XC node then performs service discovery against your K8s API server. I've covered this process in a previous article, but the advantage is that you can integrate with existing K8s platforms. This allows exposing both NodePort and ClusterIP services via the XC node. \n \n XC is not hosting any workloads in this architecture, but it is exposing your services to your local network, or remote sites, or the Internet. In the diagram above, I show a web application being accesssed from a remote site (and/or the Internet) where the origin pool is a NodePort service discovered in a K8s cluster. \n Architecture 2: Run a site within a K8s cluster (K8s site type) \n Creating a K8s site is easy - just deploy a single manifest found here. This file deploys multiple resources in your cluster, and together these resources work to provide the services of a CE, and create a customer site. I've heard this referred to as \"running a CE inside of K8s\" or \"running your CE as a pod\". However, when I say \"CE node\" I'm usually referring to a discreet compute node like a VM or piece of hardware; this architecture is actually a group of pods and related resources that run within K8s to create a XC customer site. \n With XC running inside your existing cluster, you can expose services within the cluster by DNS name because the site will resolve these from within the cluster. Your service can then be exposed anywhere by the F5 XC platform. This is similar to Architecture 1 above, but with this model, your site is simply a group of pods within K8s. An advantage here is the ability to expose services of other types (e.g. ClusterIP). \n A site deployed into a K8s cluster will only support Mesh functionality and does not support AppStack functionality (i.e., you cannot run a cluster within your cluster). In this architecture, XC acts as a K8s ingress controller with built-in application security. It also enables Mesh features, such as publishing of other sites' services on this site, and publishing of this site's discovered services on other sites. \n Architecture 3: vK8s (Namespace-as-a-Service) \n If the services you use include AppStack capabilities, then architectures #3 and #4 are possible for you. In these scenarios, our XC node actually runs your K8s on your workloads. We are no longer integrating XC with your existing K8s platform. XC is the platform. \n A simple way to run K8s workloads is to use a virtual k8s (vK8s) architecture. This could be referred to as a \"managed Namespace\" because by creating a vK8s object in XC you get a single namespace in a virtual cluster. \n Your Namespace can be fully hosted (deployed to RE's) or run on your VM's (CE's), or both. Your kubeconfig file will allow access to your Namespace via the hosted API server. Via your regular kubectl CLI (or via the web console) you can create/delete/manage K8s resources (Deployments, Services, Secrets, ServiceAccounts, etc) and view application resource metrics. \n This is great if you have workloads that you want to deploy to remote regions where you do not have infrastructure and would prefer to run in F5's RE's, or if you have disparate clusters across multiple sites and you'd like to manage multiple K8s clusters via a single centralized, virtual cluster. \n Best practice guard rails for vK8s \n With a vK8s architecture, you don't have your own cluster, but rather a managed Namespace. So there are some restrictions (for example, you cannot run a container as root, bind to a privileged port, or to the Host network). You cannot create CRD's, ClusterRoles, PodSecurityPolicies, or Namespaces, so K8s operators are not supported. In short, you don't have a managed cluster, but a managed Namespace on a virtual cluster. \n Architecture 4: mK8s (Managed K8s) \n In managed k8s (mk8s, also known as physical K8s or pk8s) deployment, we have an enterprise-level K8s distribution that is run at your site. This means you can use XC to deploy/manage/upgrade K8s infrastructure, but you manage the Kubernetes resources. The benefits include what is typical for 3rd-party K8s mgmt solutions, but also some key differentiators: \n \n multi-cloud, with automation for Azure, AWS, and GCP environments \n consumed by you as SaaS \n enterprise-level traffic control natively \n allows a large and arbitrary number of managed clusters to be logically managed with a single K8s mgmt interface \n \n You can enable kubectl access against your local cluster and disable the hosted API server, so your kubeconfig file can point to a global URL or a local endpoint on-prem. \n Another benefit of mK8s is that you are running a full K8s cluster at your site, not just a Namespace in a virtual cluster. The restrictions that apply to vK8s (see above) do not apply to mK8s, so you could run privileged pods if required, use Operators that make use of ClusterRoles and CRDs, and perform other tasks that require cluster-wide access. \n Traffic management controls with mK8s \n Because your workloads run in a cluster managed by XC, we can apply more sophisticated and native policies to K8s traffic than non-managed clusters in earlier architectures: \n \n Service isolation can be enforced within the cluster, so that pods in a given namespace cannot communicate with services outside of that namespace, by default. \n More service-to-service controls exist so that you can decide which services can reach with other services with more granularity. \n Egress control can be natively enforced for outbound traffic from the cluster, by namespace, labels, IP ranges, or other methods. E.g.: Svc A can reach myapi.example.com but no other Internet service. \n WAF policies, bot defense, L3/4 policies, etc—all of these policies that you have typically applied with network firewalls, WAF's, etc—can be applied natively within the platform. \n \n This architecture took me a long time to understand, and longer to fully appreciate. But once you have run your workloads natively on a managed K8s platform that is connected to a global backbone and capable of performing network and application delivery within the platform, the security and traffic mgmt benefits become very compelling. \n Conclusion: \n As K8s continues to expand, management solutions of your clusters make it possible to secure your K8s services, whether they are managed by XC or exist in disparate clusters. With F5 XC as a global platform consumed as a service—not a discreet installation managed by you—the available architectures here are unique and therefore can accommodate the diverse (and changing!) ways we see K8s run today. \n Related Articles \n \n Securely connecting Kubernetes Microservices with F5 Distributed Cloud \n Multi-cluster Multi-cloud Networking for K8s with F5 Distributed Cloud - Architecture Pattern \n Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"10582","kudosSumWeight":29,"repliesCount":5,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE5MzdpMDUxQjQzRTRDMTIyRTZFNQ?revision=68\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE1MDZpNjFFNDAwMzE1RkI2MTAwQQ?revision=68\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjEzMzNpQjkyNDZCQjVGMzc1RUQ0MQ?revision=68\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjEzMzZpNUNEOUUzOUMxNEFCOTI2NQ?revision=68\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE1NzFpQUQ1NUIyM0U2MDcyMEMyOQ?revision=68\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDY1NTAtMjE1OTBpMkMwRDFFNTcxNjI1NUQ4Qg?revision=68\"}"}}],"totalCount":6,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:301393":{"__typename":"Conversation","id":"conversation:301393","topic":{"__typename":"TkbTopicMessage","uid":301393},"lastPostingActivityTime":"2024-06-10T11:56:00.454-07:00","solved":false},"User:user:418292":{"__typename":"User","uid":418292,"login":"Dave_Potter","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS00MTgyOTItMTg3MjFpQjk4MDYyMjM5NTk2MUI5Nw"},"id":"user:418292"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODhpMzIyQjY5QjQ3RDRDMUExMw?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODhpMzIyQjY5QjQ3RDRDMUExMw?revision=24","title":"susan-holt-simpson-Rd01U0tPmQI-unsplash.jpg","associationType":"COVER","width":2400,"height":1589,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=24","title":"f5xclogo.png","associationType":"BODY","width":100,"height":103,"altText":"f5xclogo.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2NzdpN0ZCNjUwNzgxNzBBOTg1Ng?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2NzdpN0ZCNjUwNzgxNzBBOTg1Ng?revision=24","title":"Slide4.jpeg","associationType":"BODY","width":1920,"height":1080,"altText":"Slide4.jpeg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2NzhpODUwNDQzMTNBM0U3NkFCNw?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2NzhpODUwNDQzMTNBM0U3NkFCNw?revision=24","title":"Slide5.jpeg","associationType":"BODY","width":1920,"height":1080,"altText":"Slide5.jpeg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODRpNTg4NUM1NTA1OUFGNDI2Mg?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODRpNTg4NUM1NTA1OUFGNDI2Mg?revision=24","title":"DNS-Dashboard_4.jpg","associationType":"BODY","width":1483,"height":645,"altText":"DNS-Dashboard_4.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODdpNDIxMUIxMUNEOTUxNDkxNg?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODdpNDIxMUIxMUNEOTUxNDkxNg?revision=24","title":"DNS-Dashboard_3.jpg","associationType":"BODY","width":1471,"height":922,"altText":"DNS-Dashboard_3.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODFpOTUxOTJGQjUzQ0RCNzI4RA?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODFpOTUxOTJGQjUzQ0RCNzI4RA?revision=24","title":"DNS-Dashboard_2.jpg","associationType":"BODY","width":1087,"height":371,"altText":"DNS-Dashboard_2.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjY2MDFpODZDOTgyQzEwOTdDOTdDMg?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjY2MDFpODZDOTgyQzEwOTdDOTdDMg?revision=24","title":"F5XC-dns-import_2.jpg","associationType":"BODY","width":960,"height":476,"altText":"F5XC-dns-import_2.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjY2MDBpRTJCMzE5MzdCMjlGODRGQQ?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjY2MDBpRTJCMzE5MzdCMjlGODRGQQ?revision=24","title":"F5XC-dns-import_1.jpg","associationType":"BODY","width":797,"height":540,"altText":"F5XC-dns-import_1.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtUWFYd0RH?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtUWFYd0RH?revision=24","title":"DNS-BIND_2.jpg","associationType":"BODY","width":628,"height":243,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtcWNrM3BM?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtcWNrM3BM?revision=24","title":"DNS-BIND_1.jpg","associationType":"BODY","width":1194,"height":299,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMXpibnJM?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMXpibnJM?revision=24","title":"github-mark.png","associationType":"BODY","width":240,"height":240,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzdpNzA3RURCQTJCOTZBOTc5Mg?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzdpNzA3RURCQTJCOTZBOTc5Mg?revision=24","title":"Slide1.jpg","associationType":"BODY","width":1920,"height":1080,"altText":"Slide1.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzRpOTFENjkyMzRFRDZFRDlFQQ?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzRpOTFENjkyMzRFRDZFRDlFQQ?revision=24","title":"DNS-Images_1.jpg","associationType":"BODY","width":827,"height":540,"altText":"DNS-Images_1.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzVpMzI5QjU0MUU4NzJCOEFGMg?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzVpMzI5QjU0MUU4NzJCOEFGMg?revision=24","title":"DNS-Images_2.jpg","associationType":"BODY","width":876,"height":540,"altText":"DNS-Images_2.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzZpQ0MyRjQ3MUFGQUE2RTlGOA?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzZpQ0MyRjQ3MUFGQUE2RTlGOA?revision=24","title":"DNS-Images_3.jpg","associationType":"BODY","width":960,"height":323,"altText":"DNS-Images_3.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODVpNkRBQkMxOTI3QzU3MUJCRA?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODVpNkRBQkMxOTI3QzU3MUJCRA?revision=24","title":"Slide8.jpeg","associationType":"BODY","width":1920,"height":1080,"altText":"Slide8.jpeg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODZpNThCQ0VBMkNEQzQ5NzY5OQ?revision=24\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODZpNThCQ0VBMkNEQzQ5NzY5OQ?revision=24","title":"DNS-Dashboard_1.jpg","associationType":"BODY","width":1473,"height":770,"altText":"DNS-Dashboard_1.jpg"},"TkbTopicMessage:message:301393":{"__typename":"TkbTopicMessage","subject":"Use F5 Distributed Cloud to control Primary and Secondary DNS","conversation":{"__ref":"Conversation:conversation:301393"},"id":"message:301393","revisionNum":24,"uid":301393,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:418292"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":9098},"postTime":"2022-10-13T05:00:00.042-07:00","lastPublishTime":"2024-06-10T11:56:00.454-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n \n Overview \n Domain Name Service (DNS); it's how humans and machines discover where to connect. DNS on the Internet is the universal directory of addresses to names. If you need to get support for the product Acme, you go to support.acme.com. Looking for the latest headlines in News, try www.aonn.com or www.npr.org. DNS is the underlying feature that nearly every service on the Internet depends on. Having a robust and reliable DNS provider is critical to keeping your organization online and working, and especially so during a DDoS attack. \n \"Nature is a mutable cloud, which is always and never the same.\" - Ralph Waldo Emerson \n We might not wax that philosophically around here, but our heads are in the cloud nonetheless! Join the F5 Distributed Cloud user group today and learn more with your peers and other F5 experts. \n \n F5 Distributed Cloud DNS (F5 XC DNS) can function as both Primary or Secondary nameservers, and it natively includes DDoS protection. Using F5 XC DNS, it’s possible to provision and configure primary or secondary DNS securely in minutes. Additionally, the service uses a global anycast network and is built to scale automatically to respond to large query volumes. Dynamic security is included and adds automatic failover, DDoS protection, TSIG authentication support, and when used as a secondary DNS—DNSSEC support. \n F5 Distributed Cloud allows you to manage all of your sites as a single “logical cloud” providing: - A portable platform that spans multiple sites/clouds - A private backbone connects all sites - Connectivity to sites through its nodes (F5 Distributed Cloud Mesh and F5 Distributed Cloud App Stack) - Node flexibility, allowing it to be virtual machines, live on hardware within data centers, sites, or in cloud instances (e.g. EC2) - Nodes provide vK8s (virtual K8s), network and security services - Services managed through F5 Distributed Cloud’s SaaS base console \n Scenario 1 – F5 Distributed Cloud DNS: Primary Nameserver \n Consider the following; you're looking to improve the response time of your app with a geo-distributed solution, including DNS and app distribution. With F5 XC DNS configured as the primary nameserver, you’ll automatically get DNS DDoS protection, and will see an improvement in the response the time to resolve DNS just by using Anycast with F5’s global network’s regional point of presence. To configure F5 XC DNS to be the Primary nameserver for your domain, access the F5 XC Console, go to DNS Management, and then Add Zone. Alternately, if you're migrating from another DNS server or DNS service to F5 XC DNS, you can import this zone directly from your DNS server. Scenario 1.2 below illustrates how to import and migrate your existing DNS zones to F5 XC DNS. Here, you’ll write in the domain name (your DNS zone), and then View Configuration for the Primary DNS. \n On the next screen, you may change any of the default SOA parameters for the zone, and any type of resource record (RR) or record sets which the DNS server will use to respond to queries. For example, you may want to return more than one A record (IP address) for the frontend to your app when it has multiple points of presence. To do this, enter as many IP addresses of record type A as needed to send traffic to all the points of ingress to your app. Additional Resource Record Sets allows the DNS server to return more than a single type of RR. For example, the following configurations, returns two A (IPv4 address) records and one TXT record to the query of type ANY for “al.demo.internal”. \n Optionally, if your root DNS zone has been configured for DNSSEC, then enabling it for the zone is just a matter of toggling the default setting in the F5 XC Console. \n Scenario 1.2 - Import an Existing Primary Zone to Distributed Cloud using Zone Transfer (AXFR) \n F5 XC DNS can use AXFR DNS zone transfer to import an existing DNS zone. Navigate to DNS Management > DNS Zone Management, then click Import DNS Zone. \n Enter the zone name and the externally accessible IP of the primary DNS server. ➡️ Note: You'll need to configure your DNS server and any firewall policies to allow zone transfers from F5. A current list of public IP's that F5 uses can be found in the following F5 tech doc. \n Optionally, configure a transaction signature (TSIG) to secure the DNS zone transfer. When you save and exit, F5 XC DNS executes a secondary nameserver zone AXFR and then transitions itself to be the zone's primary DNS server. \n To finish the process, you'll need to change the NS records for the zone at your domain name registrar. In the registrar, change the name servers to the following F5 XC DNS servers: \n ns1.f5clouddns.com ns2.f5clouddns.com \n \n Scenario 1.3 - Import Existing (BIND format) Primary Zones directly to Distributed Cloud \n F5 XC DNS can directly import BIND formatted DNS zone files in the Console, for example, db.2-0-192.in-addr.arpa and db.foo.com. Enterprises often use BIND as their on-prem DNS service, importing these files to Distributed Cloud makes it easier to migrate existing DNS records. \n To import existing BIND db files, navigate to DNS Management > DNS Zone Management, click Import DNS Zone, then \"BIND Import\". \n \n Now click \"Import from File\" and upload a .zip with one or more BIND db zone files. The import wizard accepts all primary DNS zones and ignores other zones and files. \n \n After uploading a .zip file, the next screen reports any warnings and errors At this poing you can \"Save and Exit\" to import the new DNS zones or cancel to make any changes. \n For more complex zone configurations, including support for using $INCLUDE and $ORIGIN directives in BIND files, the following open source tool will convert BIND db files to JSON, which can then be copied directly to the F5 XC Console when configuring records for new and existing Primary DNS zones. \n \n \n BIND to XC-DNS Converter \n \n \n \n \n \n \n Scenario 2 - F5 Distributed Cloud DNS: Primary with Delegated Subdomains \n An enhanced capability when using Distributed Cloud (F5 XC) as the primary DNS server for your domains or subdomains, is to have services in F5 XC dynamically create their own DNS records, and this can be done either directly in the primary domain or the subdomains. Note that before July 2023, the delegated DNS feature in F5 XC required the exclusive use of subdomains to dynamically manage DNS records. As of July 2023, organizations are allowed to have both F5 XC managed and user-managed DNS resource records in the same domain or subdomain. \n When \"Allow HTTP Load Balancer Managed Records\" is checked, DNS records automatically added by F5 XC appear in a new RR set group called x-ves-io-managed which is read-only. In the following example, I've created an HTTP Load Balanacer with the domain \"www.example.f5-cloud-demo.com\" and F5 XC automatically created the A resource record (RR) in the group x-ves-io-managed. \n Scenario 3 – F5 Distributed Cloud DNS: Secondary Nameserver \n In this scenario, say you already have a primary DNS server in your on-prem datacenter, but due to security reasons, you don’t want it to be directly accessible to queries from the Internet. F5 XC DNS can be configured as a secondary DNS server and will both zone transfer (AXFR, IXFR) and receive (NOTIFY) updates from your primary DNS server as needed. To configure F5 XC DNS to be a secondary DNS server, go to Add Zone, then choose Secondary DNS Configuration. Next, View Configuration for it, and add your primary DNS server IP’s. To enhance the security of zone transfers and updates, F5 XC DNS supports TSIG encrypted transfers from the primary DNS server. To support TSIG, ensure your primary DNS server supports encryption, and enable it by entering the pre-shared key (PSK) name and its value. The PSK itself can be blindfold-encrypted in the F5 XC Console to prevent other Console admins from being able to view it. If encryption is desired, simply plug in the remaining details for your TSIG PSK and Apply. \n Once you’ve saved your new secondary DNS configuration, the F5 XC DNS will immediately transfer your zone details and begin resolving queries on the F5 XC Global Network with its pool of Anycast-reachable DNS servers. \n Conclusion \n You’ve just seen how to configure F5 XC DNS both as a primary DNS as well as a secondary DNS service. Ensure the reachability of your company with a robust, secure, and optimized DNS service by F5. A service that delivers the lowest resolution latency with its global Anycast network of nameservers, and one that automatically includes DDoS protection, DNSSEC, TSIG support for secondary DNS. \n Watch the following demo video to see how to configure F5 XC DNS for scenarios #1 and #3 above. \n \n \n \n \n Additional Resources \n For more information about using F5 Distributed Cloud DNS: https://www.f5.com/cloud/products/dns For technical documentation: https://docs.cloud.f5.com/docs/how-to/app-networking/manage-dns-zones DNS Management FAQ: https://f5cloud.zendesk.com/hc/en-us/sections/7057223802519-DNS-Management DNS Demo Guide and step-by-step walkthrough: https://github.com/f5devcentral/f5xc-dns \n BIND to XC-DNS Converter (open source tool): https://github.com/Mikej81/BINDtoXCDNS \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"9601","kudosSumWeight":6,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODhpMzIyQjY5QjQ3RDRDMUExMw?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2NzdpN0ZCNjUwNzgxNzBBOTg1Ng?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2NzhpODUwNDQzMTNBM0U3NkFCNw?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODRpNTg4NUM1NTA1OUFGNDI2Mg?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODdpNDIxMUIxMUNEOTUxNDkxNg?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODFpOTUxOTJGQjUzQ0RCNzI4RA?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjY2MDFpODZDOTgyQzEwOTdDOTdDMg?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w5","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjY2MDBpRTJCMzE5MzdCMjlGODRGQQ?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtUWFYd0RH?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtcWNrM3BM?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMXpibnJM?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxMw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzdpNzA3RURCQTJCOTZBOTc5Mg?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzRpOTFENjkyMzRFRDZFRDlFQQ?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzVpMzI5QjU0MUU4NzJCOEFGMg?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNg","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMjUxMzZpQ0MyRjQ3MUFGQUE2RTlGOA?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxNw","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODVpNkRBQkMxOTI3QzU3MUJCRA?revision=24\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wxOA","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDEzOTMtMTk2ODZpNThCQ0VBMkNEQzQ5NzY5OQ?revision=24\"}"}}],"totalCount":18,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlLzRTQ1cxWmwwYWpjfDB8MjU7MjV8fA","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/4SCW1Zl0ajc","thumbnail":"https://i.ytimg.com/vi/4SCW1Zl0ajc/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:303789":{"__typename":"Conversation","id":"conversation:303789","topic":{"__typename":"TkbTopicMessage","uid":303789},"lastPostingActivityTime":"2024-06-06T12:06:46.261-07:00","solved":false},"User:user:217018":{"__typename":"User","uid":217018,"login":"Cameron_Delano","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yMTcwMTgtMTc1MzZpRjhDN0JBMTNEN0U3RTIyMg"},"id":"user:217018"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjA1NzdpNzI4NUUyQkVFQzA5N0VEQw?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjA1NzdpNzI4NUUyQkVFQzA5N0VEQw?revision=34","title":"CatShadow.png","associationType":"COVER","width":907,"height":907,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NDlpRkEwMzhBMTg4QzQ1MDBGQg?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NDlpRkEwMzhBMTg4QzQ1MDBGQg?revision=34","title":"Screenshot 2023-07-06 at 12.00.34 PM.png","associationType":"BODY","width":1499,"height":463,"altText":"Screenshot 2023-07-06 at 12.00.34 PM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NDhpQjc3RUEyQzk4RDdBNzRCMQ?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NDhpQjc3RUEyQzk4RDdBNzRCMQ?revision=34","title":"Screenshot 2023-07-06 at 11.48.52 AM.png","associationType":"BODY","width":1501,"height":519,"altText":"Screenshot 2023-07-06 at 11.48.52 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NDdpRjkwOTQwMEU0RDg0M0NCQg?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NDdpRjkwOTQwMEU0RDg0M0NCQg?revision=34","title":"Screenshot 2023-07-06 at 11.46.16 AM.png","associationType":"BODY","width":1689,"height":734,"altText":"Screenshot 2023-07-06 at 11.46.16 AM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NTBpRDNBODRDODcxOTMzNEJGNA?revision=34\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NTBpRDNBODRDODcxOTMzNEJGNA?revision=34","title":"Screenshot 2023-07-06 at 12.16.31 PM.png","associationType":"BODY","width":1526,"height":1042,"altText":"Screenshot 2023-07-06 at 12.16.31 PM.png"},"TkbTopicMessage:message:303789":{"__typename":"TkbTopicMessage","subject":"Out of the Shadows: API Discovery and Security","conversation":{"__ref":"Conversation:conversation:303789"},"id":"message:303789","revisionNum":34,"uid":303789,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:217018"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" With F5 Distributed Cloud Web App and API protection security teams can discover, inventory, and secure their critical APIs. Helping bring those rogue Shadow APIs into the light. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":8199},"postTime":"2022-11-07T08:10:26.077-08:00","lastPublishTime":"2024-06-06T12:06:46.261-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" APIs are everywhere \n The connected world runs on APIs. Your banking app uses them, your ride share app uses them, even that weather app you check before walking out the door, it gets that data from an API. We interact with them multiple times throughout our daily life, to do everything from the most essential to the most mundane. They are simply everywhere and more and more are being published every day. \n As you would expect, this proliferation of APIs has marked them as a prime target for malicious actors. In the last couple years there have been quite a few well publicized attacks. From social media to fitness firms, no industry seems to be safe. With recent reports indicating that API vulnerabilities are costing businesses billions of dollars annually, it’s no wonder they are at the top of mind of many cyber security professionals. \n See how F5 is building the most comprehensive API security solution in the industry. \n Documentation and Inventory \n With APIs being such an attractive target for the bad guys, it is important to have a solid process for publishing them. Part of this process is proper documentation of how the API behaves and how it interacts with other APIs. In the case of RESTful APIs, this documentation is done using the OpenAPI aka Swagger specification. With F5 Distributed Cloud Web App and API Protection (XC WAAP), security teams can take that specification file, upload it to the platform, and use it to build a comprehensive inventory of all known APIs, their endpoints, and expected operations (HTTP methods). \n This inventory is then used to build an effective security policy to protect your APIs. But as most of us know, when it comes to deadlines, one of the first things that gets dropped is documentation. You can't protect what you can't see. \n Hidden Vulnerabilities \n In the dark corners of the application landscape lurk the Shadow APIs. These are rogue APIs that are published outside of defined management and security processes and are a prime target for attackers. Whether they are simply undocumented or third-part APIs outside of your control, they are unseen by your security infrastructure and unprotected. These can be a severe risk to an organization, so much so that they have been included in the OWASP API Security project as part of API9:2019 Improper Assets Management. Discovering, inventorying, and protecting these APIs is of critical importance. \n Shining a Light - API Discovery \n The most effective tool we have available to bring these nefarious APIs out of the shadows, is API Discovery. The F5 XC WAAP platform learns the schema structure of the Shadow API by analyzing sampled request data, then reverse-engineering the schema to generates an OpenAPI spec. This can then be ingested and inventoried, just like our properly documented APIs, closing the security loophole. This learning process runs periodically, ensuring the API inventory is as up to date as possible. This doesn't mean we can be lazy in our documentation; it means we can catch things that get missed or are out of our control. \n \n Schema Validation \n Schema validation based on the OpenAPI Specification is a critical component of a robust API security strategy. It ensures that API requests and responses align with the schema defined in our specification, reinforcing data structure conformity and validating input/output data. By implementing schema validation, organizations can bolster the integrity, security, and interoperability of their APIs while proactively addressing potential vulnerabilities. The F5 XC WAAP platform provides flexible configuration options, allowing you to apply schema validation to all or specific endpoints within your API Definition. With multiple enforcement types and a customizable set of properties to validate against your specification, you have granular control over the validation process. Additionally, the platform supports the creation of fall-through rules to effectively handle any shadow APIs that may arise. \n \n Visibility and Dashboards \n In today's dynamic API landscape, maintaining comprehensive visibility into the security posture of your endpoints is paramount. Dashboards play a crucial role in providing this visibility, allowing you to effortlessly monitor and assess the security of your APIs. The F5 XC WAAP platform goes beyond basic API inventory management by offering advanced dashboards that present essential security information based on actual and attack traffic. Within the API Endpoints Dashboard, you gain valuable insights into critical security aspects. You are presented with the Top Attacked APIs by percentage of attacks, Top Sensitive Data types found, Total API calls broken down by response code, and Most Active APIs. In the table view of the inventory, you can easily access information such as discovered sensitive data types, threat levels determined by attack traffic, authentication status, API category, and the risk score assigned by the platform. This consolidated view enables you to quickly identify potential vulnerabilities, prioritize remediation efforts, and make informed decisions to strengthen the overall security posture of your APIs. \n \n The threat cannot be ignored \n We increasingly rely on applications for some of the most important aspects of our lives. Given the sensitive nature of the data that can be exposed by unprotected APIs, the need for effective security cannot be stressed enough. Recent breaches have exposed everything from your credit score to your age, gender, and even how often you work out. Worst of all we have seen unprotected APIs expose Personally Identifiable Information and login credentials of 37 million people. The threat is real and cannot be ignored. \n With F5 Distributed Cloud Web App and API protection security teams can discover, inventory, and secure their critical APIs. Helping you defend your known endpoints and bring those rogue Shadow APIs into the light. \n DevSecOps and F5 Distributed Cloud API Security \n No modern security strategy is complete without incorporating DevSecOps practices. Integrating security into the entire software delivery lifecycle is essential for delivering secure applications with speed and quality. Deploy the API Discovery and Security discussed in this article using Infrastructure as Code and GitHub Actions. The F5 Distributed Cloud WAAP Terraform Examples repository is a great jumping off point for organizations looking to deploy the F5 XC solutions showcased here using DevSecOps practices. \n Deployment Workflow Guides \n Get started with Distributed Cloud runtime API Protection using our deployment guides covering both console and automation workflows. \n Deploy F5 XC API Security on XC Regional Edges \n Deploy F5 XC API Security on XC Regional Edges + AppConnect \n Deploy F5 XC API Security on XC Customer Edges \n Discovery in Action \n \n \n \n Additional Resources \n Deploy F5 Distributed Cloud API Discovery and Security: F5 Distributed Cloud WAAP Terraform Examples GitHub Repo \n Deploy F5 Hybrid Architectures API Discovery and Security: F5 Distributed Cloud Hybrid Security Architectures GitHub Repo \n F5 Distributed Cloud Documentation: F5 Distributed Cloud Terraform Provider Documentation F5 Distributed Cloud Services API Documentation ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"7636","kudosSumWeight":16,"repliesCount":2,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjA1NzdpNzI4NUUyQkVFQzA5N0VEQw?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NDlpRkEwMzhBMTg4QzQ1MDBGQg?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NDhpQjc3RUEyQzk4RDdBNzRCMQ?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NDdpRjkwOTQwMEU0RDg0M0NCQg?revision=34\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDM3ODktMjQ4NTBpRDNBODRDODcxOTMzNEJGNA?revision=34\"}"}}],"totalCount":5,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL0RuREVjS1NDNEhnP3NpPVFSR2VsdUEwZ3VBY3VuOWx8MHwyNTsyNXx8","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/DnDEcKSC4Hg?si=QRGeluA0guAcun9l","thumbnail":"https://i.ytimg.com/vi/DnDEcKSC4Hg/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:307248":{"__typename":"Conversation","id":"conversation:307248","topic":{"__typename":"TkbTopicMessage","uid":307248},"lastPostingActivityTime":"2024-08-06T14:05:56.956-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjU1MjVpMTJENUVEQTM3RDI0RDVENw?revision=52\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjU1MjVpMTJENUVEQTM3RDI0RDVENw?revision=52","title":"DC-Cover_0007_pavel-neznanov-w95Fb7EEcjE-unsplash.jpg","associationType":"COVER","width":500,"height":500,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=52\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=52","title":"f5xclogo.png","associationType":"BODY","width":100,"height":103,"altText":"f5xclogo.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MjlpQ0FBOUM1MkEyNDFBMUFFQg?revision=52\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MjlpQ0FBOUM1MkEyNDFBMUFFQg?revision=52","title":"OneWAFOV-v2.jpg","associationType":"BODY","width":1920,"height":1080,"altText":"OneWAFOV-v2.jpg"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MzNpOTE3OUQwMDlFMDNEREZEOA?revision=52\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MzNpOTE3OUQwMDlFMDNEREZEOA?revision=52","title":"OneWAF-v2.jpeg","associationType":"BODY","width":3303,"height":2501,"altText":"OneWAF-v2.jpeg"},"TkbTopicMessage:message:307248":{"__typename":"TkbTopicMessage","subject":"F5 Hybrid Security Architectures: One WAF Engine, Total Flexibility (Intro)","conversation":{"__ref":"Conversation:conversation:307248"},"id":"message:307248","revisionNum":52,"uid":307248,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:217018"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Layered security, we have been told for years that the most effective security strategy is composed of multiple, loosely coupled or independent layers of security controls. A WAF fits snuggly into the technical security controls area and has long been known as an essential piece of application security. What if we take this further and apply the layered approach directly to our WAF deployment? The F5 Hybrid Security Architectures explores this approach utilizing F5's best in class WAF products. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":7999},"postTime":"2023-01-17T08:26:35.354-08:00","lastPublishTime":"2024-08-06T14:05:56.956-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Flexibility and Security: \n When Security engineers and architects think of application security deployments in distributed environments, one of the challenges they face is balancing the rigidity of security with the flexibility that modern applications require. Often while performing this balancing act, we err toward rigidity. Still, when it comes to designing a security strategy focused on protecting as many application architectures as possible, flexibility is critical. As much as these two traits seem at odds with one another, the number of applications deployed by organizations requires them to coexist. \n Unprecedented growth trends are happening in the world of application deployment, including the types of environments. Whether it’s public or private cloud, on-premises, collocated, or at the edge, each application will have a set of standard and individual security needs. All applications require protections for the App and API OWASP Top 10, L3-7 DoS, Fraud and Bot Defense. Additionally, each has specific requirements related to its use case, infrastructure, and language. Your strategy and architecture are going to need to account for this diversity. Doing so should help accomplish or accelerate your security initiatives and may also help you reduce overall total cost due to architectural flexibility. \n \n Learn more about the associated challenges with hybrid and multi-cloud security. \n \n Defense in Depth: \n Layered security, we have been told for years that the most effective security strategy is composed of multiple, loosely coupled or independent layers of security controls. We need to know that if one of our layers fails or is compromised, another layer in the strategy will still provide us with the protection our applications require. A WAF fits snugly into the technical security controls area and has long been known as an essential piece of application security. What if we take this further and apply the layered approach directly to our WAF deployment? Let's look at some of our current WAF deployment strategies and what this layered approach might look like. \n Deploying a scalable, easily managed WAF at the edge allows us to block malicious traffic outside our perimeter. This is where F5's Distributed Cloud WAF fits into the picture. It gives a common security posture for all our applications no matter where they reside in our overall architecture, accounting for some of that environmental diversity we mentioned before. It also provides a foundation for a multi-cloud strategy. Additionally, it has the added value of lowering costs by blocking the traffic before it reaches an area where we incur costs for network usage. This all sounds great, but aren't we also supposed to be shifting security left? \n Integrating security into every stage of the development pipeline and moving security solutions away from the perimeter by placing tailored granular security as close to the application as possible is a key part of shifting left. Products like NGINX App Protect and BIG-IP Advanced WAF are perfect for this type of deployment. Whether it's hardware in the data center, virtual edition in public or private cloud, or a lightweight platform agnostic solution protecting your essential microservices, these products help to shift that security left. This gives the ability to meet the specific security needs of our essential apps, allowing us to account for some of that language and use case diversity. \n Both capabilities are critical to a comprehensive security strategy that meets the needs of the security teams, while providing the flexibility developers require. Luckily, both capabilities are complimentary, not mutually exclusive. We can deploy these without added complexity due to each product having the same core. That core or engine at the heart of all our WAF products is the foundation for this article series. It's what I mean when I say “one WAF engine, total flexibility.” \n One WAF Engine != One WAF \n When we started this project, there was some confusion about what we meant by One WAF Engine. For anyone familiar with the F5 product portfolio, it is plainly apparent we do not have “One WAF”. All these options being available allows us to be more flexible and plays a vital role in this project. So, what is it we mean? \n The engine at the foundation of the entire F5 WAF portfolio is based on the best-in-class efficacy and performance of our BIG-IP based Advanced WAF. This gives application security teams the ability to choose the best deployment option that matches the specific needs of their applications without sacrificing policy familiarity and portability. Organizations can employ: \n \n BIG-IP Advanced WAF, available for on-premises / data center and public or private cloud (virtual edition) deployment, for robust, high-performance web application and API security with granular, self-managed controls. \n F5 NGINX App Protect WAF for a lightweight software security solution that provides high-performance, low-latency, and platform-agnostic deployments for modern, microservices-based applications and containers. \n F5 Distributed Cloud WAF for SaaS-based deployments in a distributed environment that reduces operational overhead with an optional fully managed service. \n \n Each of these products support deployment patterns that both stand on their own and complement each other. The architectures shown in this article series will primarily focus on that complimentary aspect of the portfolio, with occasional forays into the singular deployment pattern. \n DevSecOps: \n No modern security strategy is complete without incorporating DevSecOps practices. Integrating security into the entire software delivery lifecycle is essential for delivering secure applications with speed and quality. This project aims to account for those practices by utilizing F5’s fully supported APIs and tooling. Each architecture will include a GitHub repo with IAC code, examples of integration into a CI/CD pipeline, and telemetry options. \n Resources: \n F5 Hybrid Security Architectures GitHub Repo and Guide \n Article Series: \n F5 Hybrid Security Architectures: One WAF Engine, Total Flexibility (Intro) F5 Hybrid Security Architectures (Part 1 - F5's Distributed Cloud WAF and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 2 - F5's Distributed Cloud WAF and NGINX App Protect WAF) F5 Hybrid Security Architectures (Part 3 - F5 XC API Protection and NGINX Ingress Controller) F5 Hybrid Security Architectures (Part 4 - F5 XC BOT and DDoS Defense and BIG-IP Advanced WAF) F5 Hybrid Security Architectures (Part 5 - F5 XC, BIG-IP APM, CIS, and NGINX Ingress Controller) Minimizing Security Complexity: Managing Distributed WAF Policies \n \n For further information or to get started: \n \n F5 Distributed Cloud Platform (Link) \n F5 Distributed Cloud WAAP Services (Link) \n F5 Distributed Cloud WAAP YouTube series (Link) \n F5 Distributed Cloud WAAP Get Started (Link) \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"7291","kudosSumWeight":11,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjU1MjVpMTJENUVEQTM3RDI0RDVENw?revision=52\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=52\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MjlpQ0FBOUM1MkEyNDFBMUFFQg?revision=52\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDcyNDgtMjE0MzNpOTE3OUQwMDlFMDNEREZEOA?revision=52\"}"}}],"totalCount":4,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:292187":{"__typename":"Conversation","id":"conversation:292187","topic":{"__typename":"TkbTopicMessage","uid":292187},"lastPostingActivityTime":"2024-06-06T08:50:43.194-07:00","solved":false},"User:user:166012":{"__typename":"User","uid":166012,"login":"Kyle_Roberts","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xNjYwMTItMjI2ODJpOTI3MDRGRDc2QjVCMDFDQg"},"id":"user:166012"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTIxODctMjM0MTRpOEUzMkZFOEQ0ODIzRUUzRQ?revision=26\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTIxODctMjM0MTRpOEUzMkZFOEQ0ODIzRUUzRQ?revision=26","title":"DCCover-_0006_daniel-pascoa-tjiPN3e45WE-unsplash.jpg","associationType":"COVER","width":500,"height":500,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTIxODctMTY2MDhpN0NENTUzMjVDMjYwRjk4OA?revision=26\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTIxODctMTY2MDhpN0NENTUzMjVDMjYwRjk4OA?revision=26","title":"Screen Shot 2022-01-24 at 2.55.26 PM.png","associationType":"BODY","width":1664,"height":748,"altText":"Screen Shot 2022-01-24 at 2.55.26 PM.png"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTIxODctMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=26\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTIxODctMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=26","title":"f5xclogo.png","associationType":"BODY","width":100,"height":103,"altText":"f5xclogo.png"},"TkbTopicMessage:message:292187":{"__typename":"TkbTopicMessage","subject":"F5 Distributed Cloud Bot Defense (Overview and Demo)","conversation":{"__ref":"Conversation:conversation:292187"},"id":"message:292187","revisionNum":26,"uid":292187,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:166012"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":7599},"postTime":"2022-03-03T09:00:00.028-08:00","lastPublishTime":"2024-06-06T08:50:43.194-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n What is Distributed Cloud Bot Defense? \n Distributed Cloud Bot Defense protects your web properties from automated attacks by identifying and mitigating malicious bots. Bot Defense uses JavaScript and API calls to collect telemetry and mitigate malicious users within the context of the Distributed Cloud global network. \n Bot Defense can easily be integrated into existing applications in a number of ways. For applications already routing traffic through Distributed Cloud Mesh Service, Bot Defense is natively integrated into your Distributed Cloud Mesh HTTP load balancers. This integration allows you to configure the Bot Defense service through the HTTP load balancer's configuration in the Distributed Cloud Console. For other applications, connectors are available for several common insertion points that likely already exist in modern application architectures. \n Once Bot Defense is enabled and configured, you can view and filter traffic and transaction statistics on the Bot Defense dashboard in Distributed Cloud Console to see which users are malicious and how they’re being mitigated. \n F5 Distributed Cloud Bot Defense is an advanced add-on security feature included in the first launch of the F5 Web Application and API Protection (WAAP) service with seamless integration to protect your web apps and APIs from a wide variety of attacks in real-time. \n High Level Distributed Cloud Security Architecture \n \n Bot Defense Demo: \n In this technical demonstration video we will walk through F5 Distributed Cloud Bot Defense, showing you how quick and easy it is to configure, the insights and visibility you have while demonstrating a couple of real attacks with Selenium and Python browser automation. \n \n \n \n \n \"Nature is a mutable cloud, which is always and never the same.\" - Ralph Waldo Emerson \n We might not wax that philosophically around here, but our heads are in the cloud nonetheless! Join the F5 Distributed Cloud user group today and learn more with your peers and other F5 experts. \n \n Hope you enjoyed this Distributed Cloud Bot Defense Overview and Demo. If there are any comments or questions please feel free to reach us in the comments section. Thanks! \n Related Resources: \n \n Deploy Bot Defense on any Edge with F5 Distributed Cloud (SaaS Console, Automation) \n Protecting Your Web Applications Against Critical OWASP Automated Threats \n Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator \n JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo) \n Bots, Fraud, and the OWASP Automated Threats Project (Overview) \n Protecting Your Native Mobile Apps with F5 XC Mobile App Shield \n Enabling F5 Distributed Cloud Client-Side Defense in BIG-IP 17.1 \n Bot Defense for Mobile Apps in XC WAAP Part 1: The Bot Defense Mobile SDK \n F5 Distributed Cloud WAAP \n Distributed Cloud Services Overview \n Enable and Configure Bot Defense - F5 Distributed Cloud Service \n \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"2998","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTIxODctMjM0MTRpOEUzMkZFOEQ0ODIzRUUzRQ?revision=26\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTIxODctMTY2MDhpN0NENTUzMjVDMjYwRjk4OA?revision=26\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0yOTIxODctMjA0MTJpQ0JCN0FGQjI5MzBFN0VDOQ?revision=26\"}"}}],"totalCount":3,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3d3dy55b3V0dWJlLmNvbS93YXRjaD92PXFvZlFvelRwcW80Jmxpc3Q9UEx5cWdhN0FYTXRQTTA0V0FicG5kVm5CclRpSUhGM1Y3ZyZpbmRleD0yfDB8MjU7MjV8fA","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://www.youtube.com/watch?v=qofQozTpqo4&list=PLyqga7AXMtPM04WAbpndVnBrTiIHF3V7g&index=2","thumbnail":"https://i.ytimg.com/vi/qofQozTpqo4/hqdefault.jpg","uploading":false,"height":240,"width":320,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:303142":{"__typename":"Conversation","id":"conversation:303142","topic":{"__typename":"TkbTopicMessage","uid":303142},"lastPostingActivityTime":"2023-02-07T10:30:03.247-08:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTBpMjlDRkVGMDg0MzA4NTIxMg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTBpMjlDRkVGMDg0MzA4NTIxMg?revision=10","title":"ruth-paradis-yhPIRUOdHVs-unsplash.jpg","associationType":"COVER","width":4608,"height":3072,"altText":""},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTFpMTM2MEFGNjUxQ0UwMjcwMg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTFpMTM2MEFGNjUxQ0UwMjcwMg?revision=10","title":"Slide2.jpeg","associationType":"BODY","width":1920,"height":1080,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTJpNjM4QzBCQ0I3OUJDNzQ5RQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTJpNjM4QzBCQ0I3OUJDNzQ5RQ?revision=10","title":"Slide4.jpeg","associationType":"BODY","width":1920,"height":1080,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTNpMkJGQUEzQzkxRDg0MzkzMQ?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTNpMkJGQUEzQzkxRDg0MzkzMQ?revision=10","title":"Slide5.jpeg","associationType":"BODY","width":1920,"height":1080,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTRpQTNCRTYxOTk5OERFOEE4Rg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTRpQTNCRTYxOTk5OERFOEE4Rg?revision=10","title":"CDN-WAAP-Step2 DNS.png","associationType":"BODY","width":1920,"height":1080,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTVpQ0VFODE1N0Q2OEZGMTNCOA?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTVpQ0VFODE1N0Q2OEZGMTNCOA?revision=10","title":"CDN-WAAP-1.jpg","associationType":"BODY","width":1316,"height":314,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTZpQzA1RTdDQTI3QjVDMjhDNg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTZpQzA1RTdDQTI3QjVDMjhDNg?revision=10","title":"CDN-WAAP-Step4.png","associationType":"BODY","width":1920,"height":1080,"altText":null},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTdpOTNBREM0RUM4QjQwMEZCRg?revision=10\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTdpOTNBREM0RUM4QjQwMEZCRg?revision=10","title":"CDN-WAAP-Step5.png","associationType":"BODY","width":1920,"height":1080,"altText":null},"TkbTopicMessage:message:303142":{"__typename":"TkbTopicMessage","subject":"Use F5 Distributed Cloud to service chain WAAP and CDN","conversation":{"__ref":"Conversation:conversation:303142"},"id":"message:303142","revisionNum":10,"uid":303142,"depth":0,"board":{"__ref":"Tkb:board:TechnicalArticles"},"author":{"__ref":"User:user:418292"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":7399},"postTime":"2022-11-01T09:00:00.015-07:00","lastPublishTime":"2023-02-07T10:30:03.247-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n The Content Delivery Network (CDN) market has become increasingly commoditized. Many providers have augmented their CDN capabilities with WAFs/WAAPs, DNS, load balancing, edge compute, and networking. Managing all these solutions together creates a web of operational complexity, which can be confusing. \n F5’s synergistic bundling of CDN with Web Application and API Protection (WAAP) benefits those looking for simplicity and ease of use. It provides a way around the complications and silos that many resource-strapped organizations face with their IT systems. \n This bundling also signifies how CDN has become a commodity product often not purchased independently anymore. This trend is encouraging many competitors to evolve their capabilities to include edge computing – a space where F5 has gained considerable experience in recent years. \n F5 is rapidly catching up to other providers’ CDNs. F5’s experience and leadership building the world’s best-of-breed Application Delivery Controller (ADC), the BIG-IP load balancer, put it in a unique position to offer the best application delivery and security services directly at the edge with many of its CDN points of presence. With robust regional edge capabilities and a global network, F5 has entered the CDN space with a complementary offering to an already compelling suite of features. This includes the ability to run microservices and Kubernetes workloads anywhere, with a complete range of services to support app infrastructure deployment, scale, and lifecycle management all within a single management console. \n \n \n With advancements made in the application security space at F5, WAAP capabilities are directly integrated into the Distributed Cloud Platform to protect both web apps and APIs. Features include (yet not limited to): \n \n Web Application Firewall: Signature + Behavioral WAF functionality \n Bot Defense: Detect client signals, determining if clients are human or automated \n DDoS Mitigation: Fully managed by F5 \n API Security: Continuous inspection and detection of shadow APIs \n \n Solution \n Combining the Distributed Cloud WAAP with CDN as a form of service chaining is a straightforward process. This not only gives you the best security protection for web apps and APIs, but also positions apps regionally to deliver them with low latency and minimal compute per request. \n In the following solution, we’ve combined Distributed Cloud WAAP and CDN to globally deliver an app protected by a WAF policy from the closest regional point of presence to the user. Follow along as I demonstrate how to configure the basic elements. \n \n Configuration \n \n Log in to the Distributed Cloud Console and navigate to the DNS Management service. Decide if you want Distributed Cloud to manage the DNS zone as a Primary DNS server or if you’d rather delegate the fully qualified domain name (FQDN) for your app to Distributed Cloud with a CNAME. While using Delegation or Managed DNS is optional, doing so makes it possible for Distributed Cloud to automatically create and manage the SSL certificates needed to securely publish your app. \n \n Next, in Distributed Cloud Console, navigate to the Web App and API Protection service, then go to App Firewall, then Add App Firewall. This is where you’ll create the security policy that we’ll later connect our HTTP LB. Let’s use the following basic WAF policy in YAML format, you can paste it directly in to the Console by changing the configuration view to JSON and then changing the format to YAML. Note: This uses the namespace “waap-cdn”, change this to match your individual tenant’s configuration. \n metadata:\n name: buytime-waf\n namespace: waap-cdn\n labels: {}\n annotations: {}\n disable: false\nspec:\n blocking: {}\n detection_settings:\n signature_selection_setting:\n default_attack_type_settings: {}\n high_medium_low_accuracy_signatures: {}\n enable_suppression: {}\n enable_threat_campaigns: {}\n default_violation_settings: {}\n bot_protection_setting:\n malicious_bot_action: BLOCK\n suspicious_bot_action: REPORT\n good_bot_action: REPORT\n allow_all_response_codes: {}\n default_anonymization: {}\n use_default_blocking_page: {} \n With the WAF policy saved, it’s time to configure the origin server. Navigate to Load Balancers > Origin Pools, then Add Origin Pool. The following YAML uses a FQDN DNS name reach the app server. Using an IP address for the server is possible as well. \n metadata:\n name: buytime-pool\n namespace: waap-cdn\n labels: {}\n annotations: {}\n disable: false\nspec:\n origin_servers:\n - public_name:\n dns_name: webserver.f5-cloud-demo.com\n labels: {}\n no_tls: {}\n port: 80\n same_as_endpoint_port: {}\n healthcheck: []\n loadbalancer_algorithm: LB_OVERRIDE\n endpoint_selection: LOCAL_PREFERRED \n With the supporting WAF and Origin Pool resources configured, it’s time to create the HTTP Load Balancer. Navigate to Load Balancers > HTTP Load Balancers, then create a new one. Use the following YAML to create the LB and use both resources created above. \n metadata:\n name: buytime-online\n namespace: waap-cdn\n labels: {}\n annotations: {}\n disable: false\nspec:\n domains:\n - buytime.waap.f5-cloud-demo.com\n https_auto_cert:\n http_redirect: true\n add_hsts: true\n port: 443\n tls_config:\n default_security: {}\n no_mtls: {}\n default_header: {}\n enable_path_normalize: {}\n non_default_loadbalancer: {}\n header_transformation_type:\n default_header_transformation: {}\n advertise_on_public_default_vip: {}\n default_route_pools:\n - pool:\n tenant: your-tenant-uid\n namespace: waap-cdn\n name: buytime-pool\n kind: origin_pool\n weight: 1\n priority: 1\n endpoint_subsets: {}\n routes: []\n app_firewall:\n tenant: your-tenant-uid\n namespace: waap-cdn\n name: buytime-waf\n kind: app_firewall\n add_location: true\n no_challenge: {}\n user_id_client_ip: {}\n disable_rate_limit: {}\n waf_exclusion_rules: []\n data_guard_rules: []\n blocked_clients: []\n trusted_clients: []\n ddos_mitigation_rules: []\n service_policies_from_namespace: {}\n round_robin: {}\n disable_trust_client_ip_headers: {}\n disable_ddos_detection: {}\n disable_malicious_user_detection: {}\n disable_api_discovery: {}\n disable_bot_defense: {}\n disable_api_definition: {}\n disable_ip_reputation: {}\n disable_client_side_defense: {}\nresource_version: \"517528014\" \n With the HTTP LB successfully deployed, check that its status is ready on the status page. \n \n You can verify the LB is working by sending a basic request using the command line tool, curl. Confirm that the value of the HTTP header “Server” is “volt-adc”. \n da.potter@lab ~ % curl -I https://buytime.waap.f5-cloud-demo.com\nHTTP/2 200 \ndate: Mon, 17 Oct 2022 23:23:55 GMT\ncontent-type: text/html; charset=UTF-8\ncontent-length: 2200\nvary: Origin\naccess-control-allow-credentials: true\naccept-ranges: bytes\ncache-control: public, max-age=0\nlast-modified: Wed, 24 Feb 2021 11:06:36 GMT\netag: W/\"898-177d3b82260\"\nx-envoy-upstream-service-time: 136\nstrict-transport-security: max-age=31536000\nset-cookie: 1f945=1666049035840-557942247; Path=/; Domain=f5-cloud-demo.com; Expires=Sun, 17 Oct 2032 23:23:55 GMT\nset-cookie: 1f9403=viJrSNaAp766P6p6EKZK7nyhofjXCVawnskkzsrMBUZIoNQOEUqXFkyymBAGlYPNQXOUBOOYKFfs0ne+fKAT/ozN5PM4S5hmAIiHQ7JAh48P4AP47wwPqdvC22MSsSejQ0upD9oEhkQEeTG1Iro1N9sLh+w+CtFS7WiXmmJFV9FAl3E2; path=/\nx-volterra-location: wes-sea\nserver: volt-adc \n Now it’s time to configure the CDN Distribution and service chain it to the WAAP HTTP LB. Navigate to Content Delivery Network > Distributions, then Add Distribution. The following YAML creates a basic CDN configuration that uses the WAAP HTTP LB above. \n metadata:\n name: buytime-cdn\n namespace: waap-cdn\n labels: {}\n annotations: {}\n disable: false\nspec:\n domains:\n - buytime.f5-cloud-demo.com\n https_auto_cert:\n http_redirect: true\n add_hsts: true\n tls_config:\n tls_12_plus: {}\n add_location: false\n more_option:\n cache_ttl_options:\n cache_ttl_override: 1m\n origin_pool:\n public_name:\n dns_name: buytime.waap.f5-cloud-demo.com\n use_tls:\n use_host_header_as_sni: {}\n tls_config:\n default_security: {}\n volterra_trusted_ca: {}\n no_mtls: {}\n origin_servers:\n - public_name:\n dns_name: buytime.waap.f5-cloud-demo.com\n follow_origin_redirect: false\nresource_version: \"518473853\" \n After saving the configuration, verify that the status is “Active”. You can confirm the CDN deployment status for each individual region by going to the distribution’s action button “Show Global Status”, and scrolling down to each region to see that each region’s “site_status.status” value is “DEPLOYMENT_STATUS_DEPLOYED”. \n \n Verification \n With the CDN Distribution successfully deployed, it’s possible to confirm with the following basic request using curl. Take note of the two HTTP headers “Server” and “x-cache-status”. The Server value will now be “volt-cdn”, and the x-cache-status will be “MISS” for the first request. \n da.potter@lab ~ % curl -I https://buytime.f5-cloud-demo.com \nHTTP/2 200 \ndate: Mon, 17 Oct 2022 23:24:04 GMT\ncontent-type: text/html; charset=UTF-8\ncontent-length: 2200\nvary: Origin\naccess-control-allow-credentials: true\naccept-ranges: bytes\ncache-control: public, max-age=0\nlast-modified: Wed, 24 Feb 2021 11:06:36 GMT\netag: W/\"898-177d3b82260\"\nx-envoy-upstream-service-time: 63\nstrict-transport-security: max-age=31536000\nset-cookie: 1f945=1666049044863-471593352; Path=/; Domain=f5-cloud-demo.com; Expires=Sun, 17 Oct 2032 23:24:04 GMT\nset-cookie: 1f9403=aCNN1JINHqvWPwkVT5OH3c+OIl6+Ve9Xkjx/zfWxz5AaG24IkeYqZ+y6tQqE9CiFkNk+cnU7NP0EYtgGnxV0dLzuo3yHRi3dzVLT7PEUHpYA2YSXbHY6yTijHbj/rSafchaEEnzegqngS4dBwfe56pBZt52MMWsUU9x3P4yMzeeonxcr; path=/\nx-volterra-location: dal3-dal\nserver: volt-cdn\nx-cache-status: MISS\nstrict-transport-security: max-age=31536000 \n To see a security violation detected by the WAF in real-time, you can simulate a simple XSS exploit with the following curl: \n da.potter@lab ~ % curl -Gv \"https://buytime.f5-cloud-demo.com?<script>('alert:XSS')</script>\"\n* Trying x.x.x.x:443...\n* Connected to buytime.f5-cloud-demo.com (x.x.x.x) port 443 (#0)\n* ALPN, offering h2\n* ALPN, offering http/1.1\n* successfully set certificate verify locations:\n* CAfile: /etc/ssl/cert.pem\n* CApath: none\n* (304) (OUT), TLS handshake, Client hello (1):\n* (304) (IN), TLS handshake, Server hello (2):\n* TLSv1.2 (IN), TLS handshake, Certificate (11):\n* TLSv1.2 (IN), TLS handshake, Server key exchange (12):\n* TLSv1.2 (IN), TLS handshake, Server finished (14):\n* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):\n* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):\n* TLSv1.2 (OUT), TLS handshake, Finished (20):\n* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):\n* TLSv1.2 (IN), TLS handshake, Finished (20):\n* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384\n* ALPN, server accepted to use h2\n* Server certificate:\n* subject: CN=buytime.f5-cloud-demo.com\n* start date: Oct 14 23:51:02 2022 GMT\n* expire date: Jan 12 23:51:01 2023 GMT\n* subjectAltName: host \"buytime.f5-cloud-demo.com\" matched cert's \"buytime.f5-cloud-demo.com\"\n* issuer: C=US; O=Let's Encrypt; CN=R3\n* SSL certificate verify ok.\n* Using HTTP2, server supports multiplexing\n* Connection state changed (HTTP/2 confirmed)\n* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0\n* Using Stream ID: 1 (easy handle 0x14f010000)\n> GET /?<script>('alert:XSS')</script> HTTP/2\n> Host: buytime.f5-cloud-demo.com\n> user-agent: curl/7.79.1\n> accept: */*\n> \n* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!\n< HTTP/2 200 \n< date: Sat, 22 Oct 2022 01:04:39 GMT\n< content-type: text/html; charset=UTF-8\n< content-length: 269\n< cache-control: no-cache\n< pragma: no-cache\n< set-cookie: 1f945=1666400679155-452898837; Path=/; Domain=f5-cloud-demo.com; Expires=Fri, 22 Oct 2032 01:04:39 GMT\n< set-cookie: 1f9403=/1b+W13c7xNShbbe6zE3KKUDNPCGbxRMVhI64uZny+HFXxpkJMsCKmDWaihBD4KWm82reTlVsS8MumTYQW6ktFQqXeFvrMDFMSKdNSAbVT+IqQfSuVfVRfrtgRkvgzbDEX9TUIhp3xJV3R1jdbUuAAaj9Dhgdsven8FlCaADENYuIlBE; path=/\n< x-volterra-location: dal3-dal\n< server: volt-cdn\n< x-cache-status: MISS\n< strict-transport-security: max-age=31536000\n< \n<html><head><title>Request Rejected</title></head>\n<body>The requested URL was rejected. Please consult with your administrator.<br/><br/>\nYour support ID is 85281693-eb72-4891-9099-928ffe00869c<br/><br/><a href='javascript:history.back();'>[Go Back]</a></body></html>\n* Connection #0 to host buytime.f5-cloud-demo.com left intact \n Notice that the above request intentionally by-passes the CDN cache and is sent to the HTTP LB for the WAF policy to inspect. With this request rejected, you can confirm the attack by navigating to the WAAP HTTP LB Security page under the WAAP Security section within Apps & APIs. After refreshing the page, you’ll see the security violation under the “Top Attacked” panel. \n \n Demo \n To see all of this in action, watch my video below. This uses all of the configuration details above to make a WAAP + CDN service chain in Distributed Cloud. \n \n Additional Guides \n Virtually deploy this solution in our product simulator, or hands-on with step-by-step comprehensive demo guide. The demo guide includes all the steps, including those that are needed prior to deployment, so that once deployed, the solution works end-to-end without any tweaks to local DNS. The demo guide steps can also be automated with Ansible, in case you'd either like to replicate it or simply want to jump to the end and work your way back. \n Conclusion \n This shows just how simple it can be to use the Distributed Cloud CDN to frontend your web app protected by a WAF, all natively within the F5 Distributed Cloud’s regional edge POPs. The advantage of this solution should now be clear – the Distributed Cloud CDN is cloud-agnostic, flexible, agile, and you can enforce security policies anywhere, regardless of whether your web app lives on-prem, in and across clouds, or even at the edge. \n For more information about Distributed Cloud WAAP and Distributed Cloud CDN, visit the following resources: Product website: https://www.f5.com/cloud/products/cdn Distributed Cloud CDN & WAAP Demo Guide: https://github.com/f5devcentral/xcwaapcdnguide Video: https://youtu.be/OUD8R6j5Q8o Simulator: https://simulator.f5.com/s/waap-cdn Demo Guide: https://github.com/f5devcentral/xcwaapcdnguide \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"14788","kudosSumWeight":10,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wx","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTBpMjlDRkVGMDg0MzA4NTIxMg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wy","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTFpMTM2MEFGNjUxQ0UwMjcwMg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3wz","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTJpNjM4QzBCQ0I3OUJDNzQ5RQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w0","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTNpMkJGQUEzQzkxRDg0MzkzMQ?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w1","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTRpQTNCRTYxOTk5OERFOEE4Rg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w2","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTVpQ0VFODE1N0Q2OEZGMTNCOA?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w3","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTZpQzA1RTdDQTI3QjVDMjhDNg?revision=10\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjQuMTF8Mi4xfG98MjV8X05WX3w4","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMDMxNDItMjAxOTdpOTNBREM0RUM4QjQwMEZCRg?revision=10\"}"}}],"totalCount":8,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[{"__typename":"VideoEdge","cursor":"MHxodHRwczovL3lvdXR1LmJlL09VRDhSNmo1UThvfDB8MjU7MjV8fA","node":{"__typename":"AssociatedVideo","videoTag":{"__typename":"VideoTag","vid":"https://youtu.be/OUD8R6j5Q8o","thumbnail":"https://i.ytimg.com/vi/OUD8R6j5Q8o/hqdefault.jpg","uploading":false,"height":338,"width":600,"title":null},"videoAssociationType":"INLINE_BODY"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1728320186000","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/community/Navbar-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1728320186000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1728320186000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1728320186000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1728320186000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1728320186000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1728320186000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1728320186000","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the communtiy","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1728320186000","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1728320186000","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1728320186000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1728320186000","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1728320186000","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1728320186000","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1728320186000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1728320186000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1728320186000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1728320186000","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1728320186000","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1728320186000","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1728320186000","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1728320186000","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1728320186000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1728320186000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1728320186000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"messages.widget.messagelistfornodebyrecentactivitywidget-tab-main-messages-list-for-tag-widget-0":"mostViewed","nodeId":"board:TechnicalArticles","tagName":"F5 Distributed Cloud"},"buildId":"OKtI0OLKuXmERTJKBVqYX","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"f5","openTelemetryServiceVersion":"24.11.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/customComponent/CustomComponent/CustomComponent.tsx","./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","../shared/client/components/common/Pager/PagerLoadMore/PagerLoadMore.tsx"],"appGip":true,"scriptLoader":[]}