Get Started with BIG-IP and BIG-IQ Virtual Editions
Try BIG-IP and BIG-IQ Virtual Editions The updated page incudes downloads for AWS, Azure, VMware, Goolge, KVM, Openstack, XEN and HyperV. Deployment templates include Terraform, Azure ARM, Google GDM and Cloudformation. https://www.f5.com/trials/big-ip-virtual-editionGet Started with F5 NGINX Plus, Ingress, App Protect and Management Suite
These free trials available for F5 NGINX Products will get you started on whats available and help you get certified. Try NGINX Plus & NGINX App Protect Try NGINX Ingress Controller with NGINX App Protect Try NGINX Management Suite - NGINXRunning bigip to terraform resources
Hi, Posting here in the hopes someone finds this useful. This is not a product, it's a small open source tool that I've made to help manage our BigIPs. TL;DR: Running BigIP to Terraform resources:https://github.com/schibsted/bigip-to-terraform We recently started speaking about managing our BigIP in a more DevOpsy way at work. We have been using the web GUI most of the time and recently it has become more and more tricky to do transformations on the config text file to do large scale changes. We use terraform for AWS and some other things and I've not used it much myself so I thought I'd give terraform for BigIP a go. After looking at the docs and comparing with our running config and speaking to some different colleagues I found I wanted to see a terraform representation of our running config to see how new resources could be configured. So I wrote a script to dump our running config to terraform resources. It uses the python API to extract VIPs, pools and attendant nodes, writes a skeleton resource file and then "terraform import"s each resource. After that it uses "terraform show" with some light processing to generate a complete and valid terraform .tf file for all the resources found. There is one specific bug in the BigIP plugin to terraform (see the "issues" on github) that stops me from getting a complete automatic extract in our environment. And also for our full configuration (once I've removed the VIP resources that causes problems) "terraform plan" takes between 15 and 25 minutes. So I made a option to extract just VIPs matching a string or RE pattern, as well as their attendant pools and nodes. I've been able to "terraform apply" these back to a BigIP. The README file is quite complete, basically do `./runner` to get it all or `./runner -v 'pattern'` for a substring match in the VIP name, full path or IP number. This is not a migration tool since it does not extract or handle iRules, policies and such at all, they have to exist in the target environment already.
F5 BIG-IP Automatic email notification for system live update (ASM/AWAF signature)
Recently had some request from Security team askingan email to be sent from the F5 BIG-IP when it installs an live update such as ASM signature updates via the automatic schedule. upon looking at KBs it doesn't seem to be a natively embedded function for now. So my idea is to trace system log for signature updates, and generate an SNMP message to trigger email notification. Most syslogs and updates could be found from /log/var/ directory while as some event based log such as Signature updates are located in a different place. https://support.f5.com/csp/article/K82512024 The system live update info is located in /var/log/tomcat/liveupdate.log So the thinking is once the system generate a log after the signature Update, you could try to grab log info and use a unique key word to identify completion of update, and use the key word a customised OID to trigger SNMP trap for system notification. Once you schedule or completed an installation: You should be able to see the log generated with following info: cat /var/log/tomcat/liveupdate.log | grep modifiedEntitiesCount XXXX… {"link":"https://localhost/mgmt/tm/asm/signatures/y5tmU8gG6VdfPFaVbRSPLg","name":"Java code injection - java.util.concurrent.ScheduledThreadPoolExecutor"},{"link":"https://localhost/mgmt/tm/asm/signatures/7KeqKA8hHqv2cfJBXRMz9Q","name":"Java code injection - oracle.jms.AQjmsQueueConnectionFactory"},{"link":"https://localhost/mgmt/tm/asm/signatures/-NXlVMOujg3EvdVKd7PVQA","name":"btoa() (URI)"},{"link":"https://localhost/mgmt/tm/asm/signatures/sqa3ct3N1gOjMZLc3KiNsw","name":"SQL-INJ \"UNION SELECT\" (3) (URI)"},{"link":"https://localhost/mgmt/tm/asm/signatures/J4R4I5KgY8akJtm3TOc55w","name":"\"/etc/php4/apache2/php.ini\" access (Parameter)"},{"link":"https://localhost/mgmt/tm/asm/signatures/S2IcFP11pOpAHjFOSBIi3Q","name":"\"mail\" execution attempt (2) (Header)"},{"link":"https://localhost/mgmt/tm/asm/signatures/HUqMOwJ9SHU6mJF0y3HjBg","name":"SQL-INJ convert(db_name) (Header)"}],"modifiedEntitiesCount":1599} The word: modifiedEntitiesCount seemed to only poppulate upon a installation of signature update completion. so we could use the log key world modifiedEntitiesCount to customise a System OID associate with email alerts https://support.f5.com/csp/article/K3727 add something like the following in to/config/user_alert.conf: alert ASM_update_STATUS " modifiedEntitiesCount(.*)" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.xxx" } and create an email alert with SNMP Trap https://support.f5.com/csp/article/K3667 alert BIGIP_SIG_UPDATE_COMPLETE { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.XXX"; email toaddress="demo@askf5.com" fromaddress="root" body="The Signature has been updated!" } This tricks could also apply to any event based notification you 'd like to sent using keyword from log files. https://support.f5.com/csp/article/K16197 If you would like to put some feed from BIG-IP notification instead of using you log server to filter some tailored events, I hope this could be helpful. Any comments for improvement or correction would be highly appreciatedMitigate the Spring Framework (Spring4Shell) and Spring Cloud Vulnerabilities with BIG-IP
UPDATE from F5 Support:Mitigate the Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities with the BIG-IP system You should consider using this procedure under the following condition: You want to secure your applications against the Spring Framework (CVE-2022-22965 aka Spring4Shell) and Spring Cloud vulnerability CVE-2022-22963 with the BIG-IP system. Note: F5 is still actively monitoring the situation and will update this article and/or signatures when more specific information becomes available. Description You can use the BIG-IP system to mitigate the impact of the Spring4Shell and Spring Cloud vulnerabilities in your infrastructure. For more information about these vulnerabilities, refer to K11510688: Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963. Prerequisites You must meet the following prerequisite to use this procedure: To use the BIG-IP ASM/Advanced WAF mitigation, your BIG-IP system must be licensed and provisioned for the BIG-IP ASM/Advanced WAF module. Spring Framework RCE (Spring4Shell): CVE-2022-22965 Spring Framework DoS: CVE-2022-22950 Spring Cloud RCE: CVE-2022-22963 Impact For products withNonein theVersions known to be vulnerablecolumn, there is no impact. For products with**in the various columns, F5 is still researching the issue and will update this article after confirming the required information. F5 Support has no additional information about this issue. AskF5 Article -Spring Framework (Spring4Shell) and Spring Cloud vulnerabilities CVE-2022-22965, CVE-2022-22950, and CVE-2022-22963 F5 Labs Article:What Are The Spring4Shell Vulnerabilities?New Forums - 2 Tips
Hey everyone, a couple helpful tips: Hit the "..." icon in the editor to expand the toolbar and make sure you insert your code in the code block for proper formatting Make sure you add tags so it's easier for those looking to help in specific categories to find your content. Examples would be irules, ansible, automation toolchain, etc.How are you using things like ChatGPT in your day-to-day life?
How are you all using AI in your day-to-day jobs? Are you using it to create a rough draft of code you then check before implementing? Using it to write emails or other things for you? Using it to check text? Using it for serious business? Using it for fun? One of the funnier things I've seen recently is when I was bemoaning the increasing volume of ChatGPT-generated spam posts, and a colleague sent me a couple screenshots. First, Then,AskF5 (and many other resources) moving to MyF5
Folks, in case you hadn't seen the banner on AskF5 - the articles on that site will be moving to MyF5. This K article has a rundown on everything that is about to happen and if you're responsible for operating, supporting or licensing any F5 products, I suggest you give this a good read through. https://my.f5.com/manage/s/article/K000092555 This is also discussed here:
Sage Hill rallies past Buena Park to reach finals of Girls California Live basketball showcase
LADERA RANCH — Sage Hill’s new wave of basketball talent collided with Buena Park’s established group Friday at the Girls California Live showcase. The new kids on the hardwood prevailed at Ladera Sports Center. Freshman wing Addison Uphoff scored a team-high 17 points off the bench, first-year starting wing Kamdyn Klamberg posted all 14 of her points in the second half and returning point guard Amalia Holguin netted16 points as the Lightning rallied for a 64-59 victory against the Coyotes in the semifinals of the ABT bracket. Freshmen post Eve Fowler chipped in three blocks and six rebounds as she closed the game with Holguin, Uphoff, Klamberg and Northwood transfer Isabella Rose. Java Burn “We’ve came this far, we might as well win this thing,” said Fowler, whose team faces Brentwood in Saturday’s 3 p.m. final. “I’m so excited. This team is so just awesome. We’re all nice to each other. We warmup together. We’re always together. Bench energy as always (is high). Passing. We can shoot.” Sage Hill trailed 31-25 at halftime but scored the first seven points of the second half to take its first lead. Klamberg scored the first five points, including a 3-pointer, and Alyssa Cuff added the go-ahead basket. The teams were tied 42-42 when Uphoff took a rebound and raced the length of the court to complete a three-point play off a drive. Moments later, Uphoff grabbed a steal and sank two foul shots to push the lead to 47-42. Holguin capped the surge with a steal and a behind-the-back assist to Klamberg on a 2-on-1 breakaway. See MoreHow to Make Coffee for Weight Loss
Coffee can be a valuable tool in your weight loss journey when prepared mindfully. Here’s a guide to making coffee that supports your weight loss goals. Choose the Right Coffee Start with high-quality, organic coffee beans. Organic coffee is free from harmful pesticides and provides a cleaner source of caffeine. Opt for black coffee, as it contains virtually no calories and is rich in antioxidants. Skip the Sugar and Cream Avoid adding sugar, cream, or flavored syrups to your coffee. These add unnecessary calories and can spike your blood sugar levels, leading to increased hunger and cravings. Instead, use natural sweeteners like stevia or monk fruit if you need a touch of sweetness. Add Metabolism-Boosting Ingredients Consider adding ingredients known to boost metabolism. A pinch of cinnamon can add flavor and has been shown to help regulate blood sugar levels. Adding a teaspoon of coconut oil or MCT oil can provide healthy fats that increase satiety and energy levels, promoting fat burning. Opt for Bulletproof Coffee Bulletproof coffee, which combines coffee with grass-fed butter and MCT oil, can be a meal replacement that provides sustained energy and helps you feel full longer. Blend it well to create a creamy, satisfying drink. Timing Matters Drinking coffee strategically can enhance its weight loss benefits. Have a cup of coffee in the morning to kickstart your metabolism. Consuming coffee before a workout can also boost your performance and help you burn more calories. Stay Hydrated Remember to drink plenty of water alongside your coffee. Hydration is crucial for weight loss and overall health. By making these mindful adjustments, you can enjoy your daily coffee while supporting your weight loss efforts.
