web proxy XFF header https
Hello, I have recently noticed that my configured F5 proxy is forwarding XFF for http but not for https. For https the F5 is being the broker for client and so client source becomes the F5 for https. Is there any way for the F5 to proxy client WWW traffic and forward XFF? We are running identity awareness on the next hop device. flow is as follows. (F5 VS is explicit http proxy currently) client --> GTM pool to resolve client proxy IP --> GSLB pool (3 x VS) --> Check point with IA (3 in total) In F5 case, the next hop and DG is the Check Point firewall. If the above cannot send XFF for https: is there another way to use the F5 as a WWW proxy and send original client IP or information to the next hop Check Point? if we enabled WWW proxy on the Check Point, can the GTM resolve to the Check Point as a node without proxying the users? There are three routes to the internet for clients Thanks for any help, Derrick5.8KViews0likes3CommentsAdd multiple entries for TXT record in BIND
Hello Folks, I have an existing TXT record for my domain abc.com. As per our security team we have to add an extra token to the TXT record to inform that we actually own the domain. Unsure how to add it. Should i create a new record or can it be appended to existing record. Please advise. Eg : Existing record : "v=spf1 a mx ptr ip4:65.49.39.200/29" , new string : DZC=DlaVBmG Regards, Anoop5.3KViews0likes1CommentBIG-IP Edge client disconnects after authentication and Finalizing then disconnected again
My BIG-IP Edge client on windows 10 has not been able to connect me on this my laptop for 3 weeks now. It was working before but all of sudden stop working. But with same login details i can connect in other laptops except this mine. I can't figure out what has changed and i have not installed anything since that time. Below is the error where it is failing: Error 2018-01-26 6:38:21:715 HOST \HostCtrl.h, CHostCtrl::~CHostCtrl(), stopServer() COM call failed, -2147352567 . . . Error 2018-01-26 6:38:22:721 HOST \proxy.cpp, CHostCtrl::ProxyClose(), Close() failed, -21473525674.9KViews0likes11CommentsCNAME and A record in F5 DNS
Hi, I have F5 GTM version 15.1.2.1 and I have problem in configure A record with cname pool. I created cname pool with long member of Heroku domain and then I add this pool to A record with my domain. When I try to get the A record I made it's not give me the cname I configured. Does anyone can help me? what I'm doing wrong?3.6KViews0likes5CommentsHOW-TO disable Microsoft-HTTPAPI /2.0
To the Microsoft Experts out there This is my (GTM) scenario... There are two Data Centers Each Data Center with its own GTM and its own IIS server ( hosted on Windows 2012 server) ( each IIS server hosting the same website or in other words configure with the same application pool) At the DNS resolution level, GTM works flawlessly.. I have constructed an http monitor validating the host header of the application pool, so when i stop one of the application pool ( in either data center) GTM is capable of detecting the site as "down" and providing DNS response the the one application pool remaining as "up" in the other Data Center. If I do an HTTP capture I can see the "Server" response header with the expected value of "Microsoft IIS 8.5" up until here all good! My problem arises at the Browser/user session level When I go and stop one of the application pool, GTM ( as i said) is capable of detecting the app went down and provides a DNS response to the remaining available site, HOWEVER at the Browser level the user is getting a 503 ERROR message "Service Unavailable". Analyzing the HTTP captures I see the "server" response header with the value of "Microsoft-HTTPAPI / 2.0" as if the IIS is still listening on port 80 for incoming user request Does anyone knows is this API is related to my problem? If so, how to disable it I have attached an screenshot for better clarification Thanks in advanced!2.8KViews0likes2CommentsFinding Virtual Server/Wide IP by just server names
Hi all, I have been given a server which was malfunctioning, at that time I wasn't given any VIP details. The issue has now been fixed but it took two hours as the person requesting was fishing out the VIP details. Just wanted to check if one is given a server, is there any way we can figure out what Virtual Server or WideIP that belongs to.Solved2.5KViews0likes4CommentsUnable to SSH BIG IP F5 GTM
Hi, I have a F5 BIGIP GTM box. I am able to access its GUI. However I am unable to access it via SSH Via doing a SSH via Putty just a black screen appears and nothing else happens. Please if someone can suggest any solution I have checked and my IP address is allowed in the Allowable IP's for SSH2.4KViews0likes17Comments