Forum Discussion

Balasubramaniy2's avatar
Balasubramaniy2
Icon for Nimbostratus rankNimbostratus
Aug 29, 2018

F5 migration from HA proxy

Following settings need to migrated to F5 LTM from HA proxy. kindly help to achieve the same settings in F5.

 

  1. Custom Error page (HTML file) --> when following Error response getting from server 400,403,408,500,502,503,503
  2. Block --> stick-table type ip size 100k expire 30s store conn_rate(3s). if tcp-request from white list IP then accept the request.
  3. http-response add-header X-App-Server %b/%s acl secured_cookie res.hdr(Set-Cookie),lower -m sub secure rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains;\ preload rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if !secured_cookie
  4. Main URL : acl is_admin path_beg /apanel acl is_admin path_beg /administration acl is_admin path_beg /wp-admin --> if above path request comes: then the request send to particular node
  5. acl restricted_page path_beg,url_dec -i /user.php --> allow this path only for whitlist IP's
  6. acl htaccess_redirect path_beg,url_dec -i /.htacces --> redirect to 404 page
  7. acl file_robot path_beg -i /robots.txt --> redirect to home page
application delivery
LTM

2 Replies

Sort By
  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Aug 29, 2018

    Hi,

     

    So for your sorry page you can follow this link:

     

    https://devcentral.f5.com/wiki/irules.Automatic_maintenance_page___Sorry_page_with_images.ashx

     

    and this link, check response from kevin about ifile:

     

    https://devcentral.f5.com/questions/irule-maintanance-page-with-ifile

     

    For blocking a specific URI:

     

    https://devcentral.f5.com/questions/irules-blocking-url-47529

     

    https://devcentral.f5.com/questions/block-url-49989

     

    Begin with this 2 steps. let me know if you need help

     

    regards,

     

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Aug 29, 2018

    OK let's GO We will begin with maintenance page:

    First you have to import all your files (page, png, css, gif):

    • Create your FILE: System ›› File Management ›› Import...
    • then create your ifile: Local Traffic ›› iRules : iFile List ›› New iFile...

    And use this simple Irule for maintenance page that trigged when you have an error 5** for example:

    when HTTP_REQUEST { 

 --- set variable --- 
set host [HTTP::host]
set uri [HTTP::uri]
set alert 0
 --- set variable --- 

 --- Trigged maintenance for Node down --- 
if {[active_members [LB::server pool]] < 1 } {
    if {$uri == "/maintenance_page.html"} {
         do nothing
    } elseif {$uri == "/css/yourcss.css" ||  $uri == "/img/yourgif.gif" || $uri == "/img/yourpng.png" } {
         do nothing
    } else {
        HTTP::redirect "https://$host/maintenance_page.html"
    }
}

 --- load maintenance page object --- 
switch -glob [HTTP::uri] {
    "/maintenance_page.html" { HTTP::respond 200 content [ifile get "/Common/maintenance_page.html"] noserver "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate"
        set alert 1}
    "/css/yourcss.css" { HTTP::respond 200 content [ifile get "/Common/yourcss.css"] noserver "Content-Type" "text/css" "Cache-Control" "no-cache, must-revalidate"
        set alert 1}
    "/img/yourgif.gif" { HTTP::respond 200 content [ifile get "/Common/yourgif.gif"] noserver "Content-Type" "image/gif" "Cache-Control" "no-cache, must-revalidate"
        set alert 1}
    "/img/yourpng.png" { HTTP::respond 200 content [ifile get "/Common/yourpng.png"] noserver "Content-Type" "image/png" "Cache-Control" "no-cache, must-revalidate"
        set alert 1}
    default {
         do nothing 
    }
}
}


when HTTP_RESPONSE {
 --- Trigged maintenance for 500 
if {[HTTP::status] starts_with "5"} {
    HTTP::respond 200 content [ifile get "/Common/maintenance_page.html"] noserver "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate"
} 
}