Wildcard SSL Certificate Deployment on F5 LTM
We utilize an F5 load balancer to generate CSRs and implement Entrust SSL certificates across all subdomains within our infra. We're exploring the possibility of deploying a wildcard SSL certificate for a domain and its associated subdomains. The LTM version is 14.1.5. If feasible, we seek guidance on the process of importing and deploying it within F5.
64 Views, 0 likes, 6 Comments

Problems connecting to VPN after upgrading to Ubuntu 24.04
Good afternoon, I have upgraded Ubuntu to 24.04 and since then I can no longer connect correctly to the VPN with the F5 client. The client shows that I am connected to the VPN, but I cannot reach any of the sites and servers that I could reach with version 22.04. Can you help me?
3 Views, 0 likes, 0 Comments

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning
Hi; Let's say that I have a BIG-IP device licensed for LTM and ASM. However, only the ASM module is enabled under System > Resource Provisioning with a level of nominal. I know that in this case, you can have a pool of only one member, but just to double check my information, I want to ask this question: Is my understanding above incorrect, and in this case, the system does load balance to multiple pool members, or should I enable the LTM module for this to happen?
Kindly,
Wasfi
19 Views, 0 likes, 1 Comment

Open Redirection Mitigation
Hello, ASM has a feature to mitigate open redirection attacks when the redirect happens at the header level (i.e., with Location in the response). When the redirection is within the response payload, ASM does not block it. Do you guys know of any ASM configuration that may address this issue and mitigate this kind of attack? Thanks. o.
Solved
78 Views, 0 likes, 6 Comments

Cannot login to Avaya wanx using F5 APM network access
Hi, we are facing some issues related to APM network access. We cannot log in to our Avaya wanx IP phone communicator using network access. We can ping the call server we are using, but still no luck on login. Is there something we need to adjust in the APM network access setup?
451 Views, 0 likes, 7 Comments

Can iRule be used to perform exception of IPI category based on Geolocation
Hi Everyone, can we configure an iRule to perform an exception on a certain IPI category like "Spam Sources" based on Geolocation? For instance, I want to bypass the mitigation enforced on the "Spam Sources" IP intelligence category for the "Nepal" geolocation specifically, because of the large number of false positives on this category. I found the iRule to enforce the mitigation based on the defined IPI category:

    when HTTP_REQUEST {
        set ip_reputation_categories [IP::reputation [IP::client_addr]]
        set is_reject 0
        if {($ip_reputation_categories contains "Windows Exploits")} {
            set is_reject 1
        }
        if {($ip_reputation_categories contains "Web Attacks")} {
            set is_reject 1
        }
        if {($is_reject)} {
            log local0. "Attempted access from malicious IP address [IP::client_addr] ($ip_reputation_categories), request was rejected"
            HTTP::respond 200 content "<HTML><HEAD><TITLE>Rejected Request</TITLE> </HEAD><BODY>The request was rejected. <BR> Attempted access from malicious IP address</BODY></HTML>"
        }
    }

https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-local-traffic-manager-implementations/enabling-ip-address-intelligence.html
47 Views, 0 likes, 3 Comments

iRule condition - request contains more than 10000 parameters
Hello, is it possible to create an iRule: "When request contains more than 10000 parameters then disable ASM policy at request time"? (Requests with more than 10000 parameters are dropped / hard reset by default when an ASM policy is used.)
58 Views, 0 likes, 2 Comments

help irules for compatibility
Please, can someone help me with the iRule below:

    when HTTP_REQUEST {
        log local0. "HTTP Method = [HTTP::method]"
        log local0. "HTTP URI = [HTTP::uri]"
        log local0. "HTTP Path = [HTTP::path]"
        log local0. "HTTP Query = [HTTP::query]"
        log local0. "HTTP Version = [HTTP::version]"
        log local0. "HTTP Host Header = [HTTP::host]"
        log local0. "HTTP User Agent Header = [HTTP::header value "user-agent"]"
        if { [HTTP::host] eq "pp.appro-cb.pmu.fr" }{
            pool POOL__PREPR
            SSL::disable serverside
            HTTP::header insert X-Forwarded-For [IP::remote_addr]
        } elseif { [HTTP::host] contains "lab.tech.zu" }{
            pool POOL_GITLAB
        } elseif { [HTTP::host] contains "nessus.tech.ai" }{
            pool POOL_NEXUS
        } elseif { [HTTP::host] contains "rai5.pp.ei" }{
            pool POOL_STP_RE5_appv1
        } elseif { [HTTP::host] contains "apicccc-tech.ai" }{
            pool POOL_APICMD_TST
        } elseif { [HTTP::host] contains "myhome-pp.pcc.ai"}{
            pool POOL_MYBET_PP
            HTTP::header insert Access-Control-Allow-Origin "[HTTP::header Origin]" \
            HTTP::header insert Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" \
            HTTP::header inster Access-Control-Expose-Header "Pmu-Session-Id" \
            HTTP::header insert Access-Control-Allow-Headers "Pmu-Session-Id,OTT,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,correlationId,emetteur,idDevice" \
            HTTP::header insert Access-Control-Allow-Credentials "true"
            return
        }
    }

26 Views, 0 likes, 2 Comments

http protocol compliance
Hello All, we experienced an issue with a specific end user only: when the user accesses an application, he gets an error message. On the basis of the support ID we came to know it is the "http protocol compliance failed" violation on ASM. We are not able to find the exact feature in the http protocol compliance field which is blocking the user from accessing the site. As a workaround we have unchecked the block option of "http protocol compliance failed" in policy building > learning policies and things started working. Can anyone please share what to look for in the violation details to implement the recommended solution, as what we did is a workaround only and may not be the recommended fix?
Rgds ***
26 Views, 0 likes, 1 Comment