iRule http host with wildcard domain
Hi, I want to ask a question. I want to limit the http::host wildcard domain in iRule. Allow *.domain.com, but disallow *.*.domain.com. Such as if http::host is a.aaa.com or b.aaa.com, then go on. If http::host is a.b.domain.com or b.c.d.domain.com, then drop. How could I do that?
Solved | 69 Views | 0 likes | 8 Comments

Node/server is not showing on F5
Hello all, I am new to F5 and want to understand how things run on F5. While tracing a server, it shows as being behind the F5 with a VLAN, but when I logged in to the F5 and searched for this server in the node list, it is not showing there. So I am curious why this server is not showing there.

    bash-2.03$ traceroute 10.52.24.20
    traceroute to 10.52.24.20 (10.62.34.20), 30 hops max, 40 byte packets
     1 1xx.xx.xxx.249 (1xx.xx.xxx.249) 0.717 ms 0.540 ms 0.584 ms
     2 10.xx.xx.129 (10.xx.xxx.129) 0.434 ms 0.343 ms 10.xx.xxx.133 (10.xx.xxx.133) 0.342 ms
     3 10.xxx.x.26 (10.xx.x.26) 0.572 ms 0.481 ms 0.472 ms
     4 services-s.itsec.asb (10.xx.x.xx) 0.826 ms 0.887 ms 0.717 ms
     5 abc-dcg-lbs-03_v528.noc.xyz.com (10.62.32.13) 0.944 ms 0.907 ms 11.329 ms <<------------- F5 and vlan
     6 mnops09-pr.wby1-stg.abc.com (10.52.24.20) 1.323 ms 1.654 ms 1.469 ms

    ============= output
    (tmos)# show ltm node 10.52.24.20
    01020036:3: The requested Node (/Common/10.52.24.20) was not found.

91 Views | 0 likes | 1 Comment

ARP issues between Nexus 7K and F5 LTM
Hi Team,

We have faced a weird issue in our environment.

Issue: loadbalancer-1 failed over to load balancer-2, whereas all the production traffic flow did not fail over properly to load balancer-2 for around 25 minutes. After 25 minutes, load balancer-2 started getting production traffic to the VIPs.

Has anyone experienced a similar ARP issue between F5 LTM and Nexus 7K at the time of failover? Is there any workaround for this issue, meaning any configuration change on the LTM at the time of the issue? Is there any configuration change on the LTM which would help to trigger a GARP request two or three times to the upstream N7K?

Regards,
Thiyagu
534 Views | 0 likes | 2 Comments

LTM log suppressing messages
Hello F5 users,

I have a question/issue on F5 logging HTTP requests to the LTM log. Maybe someone can explain it ;-)

In the past, I created a simple iRule for logging based on https://my.f5.com/manage/s/article/K42210592 (for troubleshooting). As I understand it, I should then see any GET/POST request in my LTM log. BUT if I compare the count of GET requests on the client browser side (developer tools) and the LTM logs, it doesn't match. The LTM logs far fewer requests.

I know there is a limitation of 1024 bytes per request. But each client-side request should be a new request for F5 (at least that's what I think). Could that be another log limitation?

Thanks for your help.
17 Views | 0 likes | 1 Comment

Inconsistent forwarding of HTTP/2 connections with layered virtual
Hi,

I'm using a layered virtual configuration:

Tier1: Virtual applying SNI-Routing (only SSL persistence profile and LTM policy as described in https://www.devcentral.f5.com/kb/technicalarticles/sni-routing-with-big-ip/282018)
Tier2: Virtual applies SSL termination and delivers the actual application, with the required profiles, iRules, .... If required, an additional LTM policy is applied for URI-based routing and forwards to Tier3 VS.
Tier3 (optional, if required): Virtual delivers specific applications, like microservices, usually no monolithic apps.

This configuration is very robust and I have been working with it successfully for years.

Important: The tier1 uses one single IP address and a single port. So all tier2 and tier3 virtuals MUST be externally available through the same IP address and port.

Now I have to publish the first HTTP/2 applications over this concept and see strange behavior of the BIG-IP.

User requests www.example.com. IP and port point to tier1 virtual.
Tier1 LTM policy forwards the requests, based on the SNI, to tier2 virtuals "vs-int_www.example.com".
Within www.example.com there are references to piwik.example.com, which is another tier2 virtual, behind my tier1 virtual.
User requests piwik.example.com. IP and port point to tier1 virtual.
Tier1 LTM policy forwards the requests to "vs-int_www.example.com" instead of "vs-int_piwik.example.com". Probably not based on SNI, but on the existing TCP connection.

I'm afraid that this behavior is a result of HTTP/2, especially because of the persistent TCP connection. I assume that because the connection ID (gathered from browser devtools) for requests to www.example.com and piwik.example.com is identical. From the perspective of the browser I wouldn't expect such a behavior, because the target hostname differs.

I didn't configure HTTP/2 in full-proxy mode, as described in several articles. I've just enabled it on the client side.

I would be very happy for any input on that.
Thanks in advance!
164 Views | 0 likes | 11 Comments

Redirect iRule differences...
We have a situation where we need to redirect users from one domain to another and had been using Method 1 (shown below) of redirection via iRule. It was recently brought to our attention by our web team that the way we were doing the redirects for one of their sites in particular was "really bad" for SEO, and we ended up making them happy by doing it via Method 2 (shown below). While my team officially maintains our BIG-IPs, we are not network/web savvy and don't really understand the difference here. We have a new site that needs to be redirected and we are not sure which method to use. Would someone please explain in what cases you would use one over the other? Thanks.

Method 1

    when HTTP_REQUEST {
        if { [HTTP::host] eq "website1.com" } {
            HTTP::redirect https://websitesite2.com
        }
    }

Method 2

    when HTTP_REQUEST {
        if { ([string tolower [HTTP::host]] eq "website1.com")} {
            HTTP::respond 301 Location "http://website2.com"
            return
        }
    }

31 Views | 1 like | 1 Comment

Loadbalancing WAF appliance using F5 LTM
Hello, I have 5 WAF devices that do not have HA and load-sharing capabilities! (Please don't ask because I don't know myself :D) I want to balance the incoming traffic to them by placing an LTM in front of them. Unfortunately, my F5 equipment only has LTM capability and our company does not want to buy or upgrade the license for AWAF capability. In your opinion, does this method work, and if it does, please tell me what is the most suitable mode for the Virtual Server?

Thankful
56 Views | 0 likes | 3 Comments

DTLS support for Citrix Receiver 4.7? (Adaptive Transport, EDT)
Will there be DTLS support in APM for Citrix's new "Adaptive Transport" or "Enlightened Data Transport (EDT)", which is based on UDP? This is a new feature since version 4.7 of Citrix Receiver and version 7.13 of XenDesktop/XenApp. I would definitely want it to be supported ASAP...
760 Views | 0 likes | 6 Comments